I have an ASA 5510 that I have set up for SSL VPN using an internal web server for RADIUS authentication. Currently to access the VPN, a user types in HTTPS://IP
Since we are using the default SSL certificate from the device the user receives a pop up stating that the certificate has a problem, and they have to choose to continue or not.
I went to purchase a certificate and was told that we can't purchase an SSL cert for an IP address that we lease.
I usually leave the router/firewall configs for a security expert but have had little assistance in this area.
What would be the most secure way to proceed? Add an A record for the IP address through my ISP?
(The address we are using is the address for the external interface on the ASA.) or can we change the address being used for the VPN to be the same address as the one that the firewall translates through NAT?
Would it be better to add an additional address to the ASA just for the SSL VPN, is that possible?
IF anyone could give me some advice on which direction they've gone in setting up an SSL VPN with a 3rd party certificate on an ASA that would be very much appreciated. I've looked at the documentation on installing the cert ..I'm more confused on getting the security right on the addressing - is it a security risk to have an a record pointed to the IP addres of the external interface of my asa?
THANKS so much for your help.