Solved

SSL Keys on Cisco ASAs

Posted on 2013-01-28
2
176 Views
Last Modified: 2013-03-29
I need to know if the following function is capable on the Cisco ASA. I want to be able to install third party SSL certificates/Keys on the ASA in order to ensure secure (https) connections to respective websites.

Currently the approach we have taken is to install SSL certificates/keys from a third party directly on the server hosting the secure site and then configuring the ASA to allow https traffic to that server. What we would like to do is instead of installing these certificates/keys on the servers directly, install them on the ASA and have it handle the secure connection.

Is this possible? What is it called, so that when I speak to Cisco I am asking for the right thing?

Thanks!!
0
Comment
Question by:dowhatyoudo22
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 20

Accepted Solution

by:
rauenpc earned 250 total points
ID: 38828595
This would be called SSL Proxy. I don't believe the ASA supports this except for clientless SSL where the ASA will proxy SSL certs between the client and server via the portal. In your case, the ASA probably can't provide the solution. If someone else knows how, I'd love to find out as well.

Most, if not all, load-balancers can handle SSL proxy the way you described. This is partly because it's a nice feature and mostly because it's a requirement to proxy certificates when the end user is being routed/balanced to multiple servers transparently.

Which load-balancer should you choose and how do you configure this magic box? No clue. I have brochure-level knowledge of these, but i do know that in a previous job the load-balancer specialists were doing this all the time because SSL connections were being balanced among dozens of servers in a very high IO datacenter. I was only involved in the routing and switching surrounding this process and never got to see the guts of the load-balancers.
0
 
LVL 12

Assisted Solution

by:ryan80
ryan80 earned 250 total points
ID: 38828667
This is not possible, unless there have been changes that I am not aware of. You will need a reverse proxy solution to do this.

Something like Microsoft TMG would fill this role. As has already been pointed out, a load balancer can handle this as well. There are many choices depending on your budget, linux options that would only be the price of the hardware, F5, Microsoft, Baracudda, KEMP........

I am using TMG in my environment, so all https connections are proxied through the TMG server. The SSL cert is installed on the web server and the TMG server so the traffic is encrypted all the way through.
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question