Solved

SSL Keys on Cisco ASAs

Posted on 2013-01-28
Last Modified: 2013-03-29
I need to know if the following function is capable on the Cisco ASA. I want to be able to install third party SSL certificates/Keys on the ASA in order to ensure secure (https) connections to respective websites.

Currently the approach we have taken is to install SSL certificates/keys from a third party directly on the server hosting the secure site and then configure the ASA to allow https traffic to that server. What we would like to do is, instead of installing these certificates/keys on the servers directly, install them on the ASA and have it handle the secure connection.

Is this possible? What is it called, so that when I speak to Cisco I am asking for the right thing?

Thanks!!
Question by:dowhatyoudo22
2 Comments
 

Accepted Solution

by:
rauenpc earned 750 total points
ID: 38828595
This would be called SSL Proxy. I don't believe the ASA supports this except for clientless SSL where the ASA will proxy SSL certs between the client and server via the portal. In your case, the ASA probably can't provide the solution. If someone else knows how, I'd love to find out as well.

Most, if not all, load-balancers can handle SSL proxy the way you described. This is partly because it's a nice feature and mostly because it's a requirement to proxy certificates when the end user is being routed/balanced to multiple servers transparently.

Which load-balancer should you choose and how do you configure this magic box? No clue. I have brochure-level knowledge of these, but I do know that in a previous job the load-balancer specialists were doing this all the time because SSL connections were being balanced among dozens of servers in a very high IO datacenter. I was only involved in the routing and switching surrounding this process and never got to see the guts of the load-balancers.

Assisted Solution

by:ryan80
ryan80 earned 750 total points
ID: 38828667
This is not possible, unless there have been changes that I am not aware of. You will need a reverse proxy solution to do this.

Something like Microsoft TMG would fill this role. As has already been pointed out, a load balancer can handle this as well. There are many choices depending on your budget: Linux options that would only be the price of the hardware, F5, Microsoft, Barracuda, KEMP...

I am using TMG in my environment, so all https connections are proxied through the TMG server. The SSL cert is installed on the web server and the TMG server so the traffic is encrypted all the way through.

Question has a verified solution.
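
The reverse-proxy arrangement the two answers describe, as an added example that is not from the thread or from any vendor's documentation. It assumes nginx as one of the Linux options mentioned above; the hostname, backend address and file paths are placeholders. The third-party certificate and key sit on the proxy, and the proxy re-encrypts to the web server so traffic stays encrypted all the way through, as in the TMG setup described in the second answer.

```nginx
# Constructed example: www.example.com, 10.0.0.10 and all file paths are placeholders.
events {}

http {
    upstream app_backend {
        server 10.0.0.10:443;    # internal web server, still serving HTTPS
    }

    server {
        listen 443 ssl;
        server_name www.example.com;

        # The third-party certificate and private key are installed on the proxy.
        # Clients complete their TLS handshake here, not on the web server.
        ssl_certificate     /etc/nginx/tls/www.example.com.fullchain.pem;
        ssl_certificate_key /etc/nginx/tls/www.example.com.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
            # Re-encrypt toward the backend. Using http:// here instead would be
            # plain offload, leaving the proxy-to-server hop in cleartext.
            proxy_pass https://app_backend;

            # Verify the backend certificate. Without proxy_ssl_verify, nginx
            # accepts any certificate the upstream presents.
            proxy_ssl_verify              on;
            proxy_ssl_verify_depth        2;
            proxy_ssl_trusted_certificate /etc/nginx/tls/backend-ca.pem;
            proxy_ssl_server_name         on;
            proxy_ssl_name                www.example.com;

            # Tell the application who the real client was and that it used HTTPS.
            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }
    }
}
```

With this layout the firewall only needs to forward TCP 443 to the proxy, and the private key on the proxy should be readable by the nginx master process only.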
