Need help enrolling a certificate, Cisco VPN Client

Archived from groups: comp.dcom.vpn

I've got the Cisco VPN Client 4.6.04 (0061) on my OSX-10.3 PowerBook. I'm
trying to enroll a certificate, but can't quite figure out the instructions.

I do Certificates/Enroll... and get the Certificate Enrollment dialog box.
I fill in the CA URL, CA Domain, Challenge Password, and New Password, and
get to the second screen. The CN, OU, O, ST, C, and E entries are
straightforward, but I'm stumped for what I'm supposed to enter for IP Address and
Domain. The docs say:

-------
IP Address--The IP address of your system, for example, 10.10.10.1.

Domain--The Fully Qualified Domain Name of the host for your system; for
example, Dialin_Server.
-------

What IP address (and FQDN) are they talking about? The IP address I got
from my DHCP server on my little home network? My externally visible
static IP address on the other side of my NAT box? Neither of these makes
much sense, but I can't think of anything else they might want. Or do they
mean the IP address of the VPN concentrator I'm going to attach to? My
employer runs about a dozen such concentrators (East Coast, West Coast,
Europe, etc., plus backups for each); if the latter interpretation is
correct, does that mean I need to enroll a new certificate for each one?

I'm also stumped by the example they give, "Dialin_Server", as supposedly
being a FQDN.


Archived from groups: comp.dcom.vpn

The IP address does mean your IP address, but it is usually optional.
If you have the default identity cert matching config on your VPN
concentrator then it will just do the basic cert checks (issued by the
same CA/CA hierarchy as own cert; within validity dates; etc.) and
attempt to associate you with the appropriate user group based on
whatever you have typed for OU (this should be the same as the
corresponding group name on the VPN concentrator).

So, you shouldn't need to type an IP address - just leave it blank. And
you shouldn't have to enroll and obtain a certificate for each VPN
concentrator, unless, that is, each concentrator has a certificate from a
different CA/CA hierarchy (that would be pretty weird!).

Hope that helps,

Mark

CCIE#6280 / CCSI#21051 / JNCIS#121 / etc

Author: www.ciscopress.com/1587051044
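
The matching described in the reply above, sketched as an added example (not part of the thread and not Cisco's code): one certificate is run against several concentrators, and only the issuer, validity dates and OU are consulted. The certificate, CA names, concentrator names and group names are constructed, and chain validation is reduced to an issuer-name comparison for brevity.

```python
import re
from datetime import datetime, timezone

UTC = timezone.utc
# Constructed sample data, not taken from the thread.
CORP_CA = "CN=Example Corp Root CA,O=Example Corp"
CERT = {
    "subject": r"CN=Jane Doe,OU=Engineering,O=Example Corp\, Inc.,C=US",
    "issuer": CORP_CA,
    "not_before": datetime(2005, 1, 1, tzinfo=UTC),
    "not_after": datetime(2006, 1, 1, tzinfo=UTC),
    "ip_address": None,  # left blank at enrollment; never read below
}
NOW = datetime(2005, 6, 1, tzinfo=UTC)
# Hypothetical concentrators: trusted issuers and configured group names.
CONCENTRATORS = {
    "east": {"issuers": {CORP_CA}, "groups": {"Engineering", "Sales"}},
    "west": {"issuers": {CORP_CA}, "groups": {"Engineering"}},
    "lab": {"issuers": {"CN=Lab CA,O=Example Corp"}, "groups": {"Engineering"}},
}

def parse_dn(dn):
    """Split a DN string into {attribute: [values]}, honouring escaped commas."""
    attrs = {}
    for rdn in re.split(r"(?<!\\),", dn):
        key, _, value = rdn.strip().partition("=")
        attrs.setdefault(key.strip().upper(), []).append(value.replace("\\,", ","))
    return attrs

def match_group(cert, issuers, groups, now):
    """Basic cert checks, then OU -> group lookup. Returns (group, reason)."""
    if cert["issuer"] not in issuers:
        return None, "issued by a different CA hierarchy"
    if not cert["not_before"] <= now <= cert["not_after"]:
        return None, "outside validity dates"
    for ou in parse_dn(cert["subject"]).get("OU", []):
        if ou in groups:  # assumption: exact, case-sensitive match
            return ou, "OU matches a configured group"
    return None, "no group named after the certificate's OU"

def check_all(cert, concentrators, now):
    """Run the same certificate against every concentrator."""
    return {name: match_group(cert, c["issuers"], c["groups"], now)
            for name, c in concentrators.items()}

if __name__ == "__main__":
    for name, result in check_all(CERT, CONCENTRATORS, NOW).items():
        print(name, result)
```

The "lab" entry shows the one case the reply calls out: a concentrator anchored to a different CA hierarchy rejects the certificate regardless of its OU.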
