Search results “Crypto pki trustpoint tp self signed cisco”
Cisco site to site VPN with digital certificates authentication (IOS based Certificate Authority).
This is a basic configuration of a Cisco IOS-based CA for handing out self-signed certificates to VPN peers. Please note that prior to setting up the CA server, all the routers need to be synced up with an NTP server; otherwise certificates get a wrong timestamp and could cause the VPN peering to fail. Hope this has been helpful and thank you.
Views: 18873 hesam shahbazian
Rebuild Branden's Lab - Chapter 10 - Adding Cisco Switch with MAC Auth
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco_Lab_3750
!
boot-start-marker
boot-end-marker
!
enable password password
!
username admin privilege 15 password 0 password
username test-radius privilege 0 password 0 BadPass123
!
!
aaa new-model
!
!
aaa group server radius NAC
 server auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication enable default enable none
aaa authentication dot1x default group NAC
aaa authorization network default group NAC
aaa accounting update periodic 5
aaa accounting dot1x default start-stop group NAC
!
!
aaa server radius dynamic-author
 server-key ETS_TAG_SHARED_SECRET
 auth-type any
!
aaa session-id common
clock timezone CST -6
clock summer-time CDT recurring
switch 4 provision ws-c3750g-24ps
system mtu routing 1500
authentication mac-move permit
authentication critical recovery delay 1000
no ip domain-lookup
!
!
ip dhcp snooping vlan 1,20
ip dhcp snooping
ip device tracking
!
epm logging
!
crypto pki trustpoint TP-self-signed-3361366272
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3361366272
 revocation-check none
 rsakeypair TP-self-signed-3361366272
!
!
crypto pki certificate chain TP-self-signed-3361366272
 certificate self-signed 01
  quit
dot1x system-auth-control
dot1x critical eapol
!
!
!
!
spanning-tree mode mst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
lldp run
!
!
!
!
interface range GigabitEthernet4/0/1-23
 switchport mode access
 authentication control-direction in
 authentication event fail action next-method
 authentication event server dead action authorize vlan 3
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication violation replace
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 2
 spanning-tree portfast
!
interface GigabitEthernet4/0/24
 description “Uplink”
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ip dhcp snooping trust
!
interface GigabitEthernet4/0/25
!
interface GigabitEthernet4/0/26
!
interface GigabitEthernet4/0/27
!
interface GigabitEthernet4/0/28
!
interface Vlan1
 ip address
!
interface Vlan20
 ip address
!
ip default-gateway
ip classless
ip http server
ip http secure-server
!
!
ip radius source-interface Vlan1
ip sla enable reaction-alerts
!
snmp-server group V3Group v3 auth read V3Read write V3Write
snmp-server view V3Read iso included
snmp-server view V3Write iso included
snmp-server user snmpuser V3Group v3 auth md5 snmpauthcred priv des snmpprivcred
radius-server attribute nas-port format c
radius-server dead-criteria time 30 tries 3
radius-server host auth-port 1812 acct-port 1813 test username test-radius key ETS_TAG_SHARED_SECRET
radius-server vsa send accounting
radius-server vsa send authentication
!
!
line con 0
line vty 0 4
 password password
 logging synchronous
line vty 5 15
 password password
 logging synchronous
!
ntp clock-period 36029358
ntp server
end
Views: 73 Branden Henner
How to Install an ASA VPN (SSL) Certificate: Cisco ASA Training 101
http://www.soundtraining.net-cisco-asa-training-101 Learn how to generate a CSR (Certificate Signing Request) to submit to a CA (Certificate Authority) and how to install the signed certificate from the CA. In this Cisco ASA tutorial, IT author-speaker Don R. Crawley shows you the basics of digital certificate management using a combination of the CLI (command line interface) and the GUI (graphical user interface) on a Cisco ASA Security Appliance.
Views: 113287 soundtraining.net