Hi Nick,

Dogtag and RHCS have been tested with Cisco ASA 5100 in the past. CA tests successfully issued certificates to a Cisco ASA 5100 router via the SCEP protocol. However, a router bug was discovered during this testing, showing that the router does not generate keys with proper parity. This issue occurs only when the CA is connected to NetHSM, since NetHSM rejects keys without proper parity. If you are experiencing this issue, you may search Cisco software updates for a fix.

Thank you,
Andrew


On 10/11/2012 07:20 AM, Ritter, Nicholas wrote:

Is anyone using, or has anyone tested, Dogtag with certificate-based VPN? And more specifically with Cisco ASA AnyConnect and IPsec VPN?

I searched through the Dogtag mailing list archive and the Cisco forums and found someone tried to do this in 2010 and had problems that I can only assume there was no resolution to. The last posting I saw was someone giving the blanket vendor reason of “Cisco does not support that CA”. Given that there has not been a posting since, and that was two years ago, I was curious if anyone had tested/implemented it?

Nick