EasyManuals Logo
Home>Cisco>Firewall>ASA 5540

Cisco ASA 5540 User Manual

Cisco ASA 5540
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #957 background imageLoading...
Page #957 background image
1-21
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Digital Certificates
Configuring Digital Certificates
Configuring Proxy Support for SCEP Requests
To configure the ASA to authenticate remote access endpoints using third-party CAs, perform the
following steps:
Step 3
show crypto ca server certificate
Example:
hostname/contexta(config)# show crypto ca server
certificate Main
Verifies that the enrollment process was successful by
displaying certificate details issued for the ASA and
the CA certificate for the trustpoint.
Step 4
write memory
Example:
hostname/contexta(config)# write memory
Saves the running configuration.
Command Purpose
Command Purpose
Step 1
crypto ikev2 enable outside client-services port
portnumber
Example:
hostname(config-tunnel-ipsec)# crypto ikev2 enable
outside client-services
Enables client services.
Note Needed only if you support IKEv2.
Enter this command in tunnel-group ipsec-attributes
configuration mode.
The default port number is 443.
Step 2
scep-enrollment enable
Example:
hostname(config-tunnel-general)# scep-enrollment
enable
INFO: 'authentication aaa certificate' must be
configured to complete setup of this option.
Enables SCEP enrollment for the tunnel group.
Enter this command in tunnel-group
general-attributes configuration mode.
Step 3
scep-forwarding-url value URL
Example:
hostname(config-group-policy)# scep-forwarding-url
value http://ca.example.com:80/
Enrolls the SCEP CA for the group policy.
Enter this command once per group policy to support
a third-party digital certificate. Enter the command in
group-policy general-attributes configuration mode.
URL is the SCEP URL on the CA.
Step 4
secondary-pre-fill-username clientless hide
use-common-password password
Example:
hostname(config)# tunnel-group remotegrp
webvpn-attributes
hostname(config-tunnel-webvpn)#
secondary-pre-fill-username clientless hide
use-common-password secret
Supplies a common, secondary password when a
certificate is unavailable for WebLaunch support of
the SCEP proxy.
You must use the hide keyword to support the SCEP
proxy.
For example, a certificate is not available to an
endpoint requesting one. Once the endpoint has the
certificate, AnyConnect disconnects, then reconnects
to the ASA to qualify for a DAP policy that provides
access to internal network resources.

Table of Contents

Other manuals for Cisco ASA 5540

Preview: Configuration Guide
Configuration Guide1822 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA 5540 and is the answer not in the manual?

Cisco ASA 5540 Specifications

General IconGeneral
BrandCisco
ModelASA 5540
CategoryFirewall
LanguageEnglish

Related product manuals