EasyManuals Logo
Home>Cisco>Firewall>ASA 5512-X

Cisco ASA 5512-X Cli Configuration Guide

Cisco ASA 5512-X
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #957 background imageLoading...
Page #957 background image
1-21
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Digital Certificates
Configuring Digital Certificates
Configuring Proxy Support for SCEP Requests
To configure the ASA to authenticate remote access endpoints using third-party CAs, perform the
following steps:
Step 3
show crypto ca server certificate
Example:
hostname/contexta(config)# show crypto ca server
certificate Main
Verifies that the enrollment process was successful by
displaying certificate details issued for the ASA and
the CA certificate for the trustpoint.
Step 4
write memory
Example:
hostname/contexta(config)# write memory
Saves the running configuration.
Command Purpose
Command Purpose
Step 1
crypto ikev2 enable outside client-services port
portnumber
Example:
hostname(config-tunnel-ipsec)# crypto ikev2 enable
outside client-services
Enables client services.
Note Needed only if you support IKEv2.
Enter this command in tunnel-group ipsec-attributes
configuration mode.
The default port number is 443.
Step 2
scep-enrollment enable
Example:
hostname(config-tunnel-general)# scep-enrollment
enable
INFO: 'authentication aaa certificate' must be
configured to complete setup of this option.
Enables SCEP enrollment for the tunnel group.
Enter this command in tunnel-group
general-attributes configuration mode.
Step 3
scep-forwarding-url value URL
Example:
hostname(config-group-policy)# scep-forwarding-url
value http://ca.example.com:80/
Enrolls the SCEP CA for the group policy.
Enter this command once per group policy to support
a third-party digital certificate. Enter the command in
group-policy general-attributes configuration mode.
URL is the SCEP URL on the CA.
Step 4
secondary-pre-fill-username clientless hide
use-common-password password
Example:
hostname(config)# tunnel-group remotegrp
webvpn-attributes
hostname(config-tunnel-webvpn)#
secondary-pre-fill-username clientless hide
use-common-password secret
Supplies a common, secondary password when a
certificate is unavailable for WebLaunch support of
the SCEP proxy.
You must use the hide keyword to support the SCEP
proxy.
For example, a certificate is not available to an
endpoint requesting one. Once the endpoint has the
certificate, AnyConnect disconnects, then reconnects
to the ASA to qualify for a DAP policy that provides
access to internal network resources.

Table of Contents

Other manuals for Cisco ASA 5512-X

Preview: Quick Start Guide
Quick Start Guide14 pages
Preview: Configuration Guide
Configuration Guide428 pages
Preview: Hardware Installation Guide
Hardware Installation Guide74 pages
Preview: Software Guide
Software Guide37 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA 5512-X and is the answer not in the manual?

Cisco ASA 5512-X Specifications

General IconGeneral
BrandCisco
ModelASA 5512-X
CategoryFirewall
LanguageEnglish

Related product manuals