Cisco ASA DigiCert 2013 7 8
Cisco ASA VPN DigiCert : 2013 7 8 Copyright 2018 DigiCert, Inc. All rights reserved. DigiCert DigiCert DigiCert, Inc. Symantec Norton Symantec Corporation DigiCert, Inc. DigiCert, Inc. FAR 12.212 Commercial Computer Software - Restricted Rights FAR Section 52.227-19 Rights in Commercial Computer Software or Commercial Computer Software Documentation DFARS 227.7202 104-0061 6 10 1 GINZA SIX 8 03-4560-3900 https://www.digicert.co.jp JPN-DIV-MPKI@digicert.com 2
1 DigiCert PKI Cisco VPN DigiCert PKI Platform DigiCert PKI Platform PKI DigiCert PKI Platform VPN Web DigiCert PKI Platform 8.7 Cisco Adaptive Security Appliance ASA VPN 1-1 Cisco Cisco ASA VPN Cisco Adaptive Security Appliance (ASA) VPN Cisco ASA 9.1 DigiCert PKI Cisco ASA VPN 1-1 DigiCert PKI Cisco VPN
1. Cisco VPN 2. VPN VPN Online Certificate Status Protocol OCSP VPN Certificate Revocation List CRL VPN CRL 3. Cisco VPN CA 4. Cisco VPN DigiCert PKI DigiCert PKI Cisco VPN 1-2 DigiCert PKI Platform DigiCert PKI Platform 8.x 1. DigiCert PKI Platform 8.x DigiCert PKI CA (CPF) DigiCert PKI ID DigiCert PKI DigiCert PKI ID DigiCert PKI ID DigiCert PKI Manager DigiCert PKI RA DigiCert PKI Platform DigiCert PKI Manager 2. DigiCert PKI Client Authentication 1. DigiCert PKI Platform DigiCert PKI Manager DigiCert PKI Client PIN 2. DigiCert PKI Manager
1-3 - iOS iOS - OS/ - DigiCert PKI Client PKI Client 3. 4. 5. Client Authentication 6. 7. ID 8. iOS 1-2 VPN 1-4 1-2 iOS VPN Connection name Server Host/IP /IP VPN : https://vpn.<company>.com
3. DigiCert PKI Manager 1. DigiCert PKI Manager 2. 3. ID 1 csv.csv 4 5. 5 2 6. UPN : 6 4. 4. 1-3 iOS 1. App Store SM Cisco AnyConnect VPN 2. iOS 3. 4. ID ID 5. 6.
OS/ : Windows XP Windows 7 - Internet Explorer Firefox Apple OS X - Safari Firefox DigiCert PKI Platform 1. 2. 3. 4. 5. 6. DigiCert PKI Client PKI Client 1. 2. 3. 4. 5. 6. PKI Client PIN OK
1 1-4 iOS OS/ DigiCert PKI Client PKI Certificate Services PKI Certificate Services PKI Client PIN PIN PKI Client
2 Cisco ASA VPN DigiCert PKI Cisco ASA VPN Cisco ASDM Cisco ASA VPN 10 Cisco ASA VPN 10 11 CA 12 Clientless SSL VPN Cisco ASA VPN 1. Cisco VPN URL 2. Cisco ASDM-IDM Launcher VPN IP 3. Device IP Address IP 2-1 Cisco ASDM-IDM Launcher 4. 5. OK Cisco ASDM VPN VPN 1. Configuration Remote Access VPN VPN Network (Client) Access Group Policies 2. New Group Policy More Tunneling Protocols IPSec Clientless SSL VPN SSL VPN Client Default Group policy 3. VPN / 1. Configuration Remote Access VPN VPN Network (Client) Access Group Policies Add IPsec Remote Access Connection Profile IPsec
2-2 IPsec 2-3 CA 2. IKE Peer Authentication IKE VPN ID 3. 4. Default Group Policy 10 Enable IPsec Protocol IPsec 5. OK 6. Apply CA 1. Configuration Remote Access VPN VPN CA Certificates CA 2. DigiCert PKI Manager CA Install from a file - Browse CA Paste certificate in PEM format PEM -.pem.pem Paste certificate in PEM format PEM Use SCEP SCEP - SCEP URL 3. Install Certificate
Clientless SSL VPN 1. Configuration Remote Access VPN VPN Network (Client) Access Group Policies 2-4 Clientless SSL VPN VPN Cisco ASA VPN iOS VPN 1. iOS Cisco AnyConnect 2. Add VPN Connection VPN 3. 4. Connect with IPsec IPsec VPN 2-5 Cisco AnyConnect - IPsec 2. 3. 4. DNS Server group DNS 5. Default Group Policy 10 6. OK 5. VPN
2-6 Cisco AnyConnect iOS 3. Connected 2-7 Cisco AnyConnect - Android VPN 1. Android Cisco AnyConnect 2. 2-7 Cisco AnyConnect - / VPN 1. 2. VPN URL 3. OK 4. GROUP Login Cisco ASA 5. AnyConnect
2-9 Cisco AnyConnect VPN Client 5. GROUP Login Cisco ASA 6. AnyConnect 2-11 Cisco AnyConnect VPN Client 6. Start AnyConnect AnyConnect VPN 2-10 Cisco AnyConnect VPN Client / 7. Start AnyConnect AnyConnect VPN 2-12 Cisco AnyConnect VPN Client PKI Client / VPN (PKI Client) 1. 2. VPN URL 3. OK 4. DigiCert PKI Client PIN OK