Not sure if Cisco documents it anywhere, but here goes.
What happens if you have multiple trustpoints defined on the ASA.
When a certificate is presented to the ASA, the appliance can use ANY trust point configured on the device and will use first one matching provided client type is matching.
You cannot change this behavior, except for specifying different certificate usage:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c4.html#wp2124040
You do however have control over which certificate is being SENT to the peers, this is what you configure under tunnel-groups and ssl CLIs.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment