
SSL Keys on Cisco ASAs

Posted on 2013-01-28
Last Modified: 2013-03-29
I need to know if the following function is capable on the Cisco ASA. I want to be able to install third party SSL certificates/Keys on the ASA in order to ensure secure (https) connections to respective websites.

Currently the approach we have taken is to install SSL certificates/keys from a third party directly on the server hosting the secure site and then configuring the ASA to allow https traffic to that server. What we would like to do is instead of installing these certificates/keys on the servers directly, install them on the ASA and have it handle the secure connection.

Is this possible? What is it called, so that when I speak to Cisco I am asking for the right thing?

Thanks!!
Question by:dowhatyoudo22

Accepted Solution

by:rauenpc
rauenpc earned 750 total points
ID: 38828595
This would be called SSL Proxy. I don't believe the ASA supports this except for clientless SSL where the ASA will proxy SSL certs between the client and server via the portal. In your case, the ASA probably can't provide the solution. If someone else knows how, I'd love to find out as well.

Most, if not all, load-balancers can handle SSL proxy the way you described. This is partly because it's a nice feature and mostly because it's a requirement to proxy certificates when the end user is being routed/balanced to multiple servers transparently.

Which load-balancer should you choose and how do you configure this magic box? No clue. I have brochure-level knowledge of these, but I do know that in a previous job the load-balancer specialists were doing this all the time because SSL connections were being balanced among dozens of servers in a very high IO datacenter. I was only involved in the routing and switching surrounding this process and never got to see the guts of the load-balancers.

Assisted Solution

by:ryan80
ryan80 earned 750 total points
ID: 38828667
This is not possible, unless there have been changes that I am not aware of. You will need a reverse proxy solution to do this.

Something like Microsoft TMG would fill this role. As has already been pointed out, a load balancer can handle this as well. There are many choices depending on your budget: Linux options that would only be the price of the hardware, F5, Microsoft, Barracuda, KEMP...

I am using TMG in my environment, so all https connections are proxied through the TMG server. The SSL cert is installed on the web server and the TMG server so the traffic is encrypted all the way through.
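The pattern both answers describe, a reverse proxy that terminates the client's HTTPS session and re-encrypts to a web server holding its own certificate, shown as an added example that is not part of the original thread. It uses Go's standard library as a stand-in for a load balancer or TMG; the function name `Demo` and the loopback test servers are constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// Demo runs a TLS-terminating reverse proxy in front of an HTTPS backend and
// returns the backend's reply plus whether the client-facing leg used TLS.
func Demo() (body string, clientTLS bool, err error) {
	// Constructed backend: stands in for the web server that keeps its own certificate.
	backend := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "backend-tls=%t", r.TLS != nil) // true when the proxy re-encrypted
	}))
	defer backend.Close()

	target, err := url.Parse(backend.URL)
	if err != nil {
		return "", false, err
	}
	// Proxy-to-server leg: trust only the backend's certificate, never skip verification.
	pool := x509.NewCertPool()
	pool.AddCert(backend.Certificate())
	proxy := httputil.NewSingleHostReverseProxy(target)
	proxy.Transport = &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}}

	// Client-facing leg: the proxy holds the certificate and key and terminates TLS.
	// (httptest uses its built-in test certificate; a real deployment loads the CA-issued one.)
	front := httptest.NewTLSServer(proxy)
	defer front.Close()

	resp, err := front.Client().Get(front.URL)
	if err != nil {
		return "", false, err
	}
	defer resp.Body.Close()
	raw, err := io.ReadAll(resp.Body)
	return string(raw), resp.TLS != nil, err
}

func main() {
	fmt.Println(Demo())
}
```

Replacing the backend with a plain HTTP server gives the offload-only variant, where traffic between the proxy and the web server is unencrypted.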
