Cisco ASA for Nexus 1000V Series Switch Technical Manual

5. In the Add Key Pair dialog box, click the Enter new key pair name radio button.
6. Enter a name to identify the keypair.
   This example uses sslvpnkeypair.
7. Click Generate Now.
8. In the Add Identity Certificate dialog box, ensure the newly created key pair is selected.
9. For Certificate Subject DN, enter the fully qualified domain name (FQDN) that will be used to connect to the VPN terminating interface.
   CN=sslvpn.cisco.com
10. Click Advanced, and enter the FQDN used for the Certificate Subject DN field.
    For example, FQDN: sslvpn.cisco.com
11. Click OK.
12. Check the Generate Self Signed Certificate check box, and click Add Certificate.
13. Click OK.
14. Click Configuration, and then click Remote Access VPN.
15. Expand Advanced, and choose SSL Settings.
16. In the Certificates area, choose the interface that will be used to terminate the SSL VPN (outside), and click Edit.
17. In the Certificate drop-down list, choose the self-signed certificate that you generated earlier.
18. Click OK, and then click Apply.
Command Line Example
ciscoasa
ciscoasa(config)#crypto key generate rsa label sslvpnkeypair
INFO: The name for the keys will be: sslvpnkeypair
Keypair generation process begin. Please wait...
!--- Generate an RSA key for the certificate. (The name should be unique.
!--- For example, sslvpnkeypair.)
ciscoasa(config)#crypto ca trustpoint localtrust
!--- Create a trustpoint for the self-issued certificate.
ciscoasa(config-ca-trustpoint)#enrollment self
ciscoasa(config-ca-trustpoint)#fqdn sslvpn.cisco.com
ciscoasa(config-ca-trustpoint)#subject-name CN=sslvpn.cisco.com
!--- The fully qualified domain name is used for both fqdn and CN.
!--- The name should resolve to the ASA outside interface IP address.
ciscoasa(config-ca-trustpoint)#keypair sslvpnkeypair
!--- The RSA key is assigned to the trustpoint for certificate creation.
ciscoasa(config-ca-trustpoint)#crypto ca enroll localtrust noconfirm
% The fully-qualified domain name in the certificate will be: sslvpn.cisco.com
ciscoasa(config)# ssl trust-point localtrust outside
!--- Assign the trustpoint to be used for SSL connections on the outside interface.
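
The Command Line Example above depends on four things lining up: the key pair label, the trustpoint, the matching fqdn and CN, and the interface binding. The following Python check is an added example, not part of the Cisco document; the function name `audit` and the `GOOD` command list (the commands above with prompts removed) are constructed for illustration.

```python
import re

# Constructed input: the commands from the Command Line Example, prompts removed.
GOOD = """\
crypto key generate rsa label sslvpnkeypair
crypto ca trustpoint localtrust
enrollment self
fqdn sslvpn.cisco.com
subject-name CN=sslvpn.cisco.com
keypair sslvpnkeypair
crypto ca enroll localtrust noconfirm
ssl trust-point localtrust outside
"""

def audit(commands):
    """Return a list of findings for trustpoints bound with 'ssl trust-point'."""
    keys, enrolled, bound, tps, cur = set(), set(), [], {}, None
    for line in commands.splitlines():
        w = line.split()
        if w[:5] == ["crypto", "key", "generate", "rsa", "label"] and len(w) > 5:
            keys.add(w[5])
            cur = None
        elif w[:3] == ["crypto", "ca", "trustpoint"] and len(w) > 3:
            cur = tps.setdefault(w[3], {})        # enter trustpoint sub-mode
        elif w[:3] == ["crypto", "ca", "enroll"] and len(w) > 3:
            enrolled.add(w[3])
            cur = None
        elif w[:2] == ["ssl", "trust-point"] and len(w) > 2:
            iface = w[3] if len(w) > 3 else "all interfaces"
            bound.append((w[2], iface))
            cur = None
        elif cur is not None and len(w) > 1:
            cur[w[0]] = " ".join(w[1:])           # e.g. fqdn, subject-name, keypair
    findings = []
    for name, iface in bound:
        tp = tps.get(name)
        if tp is None:
            findings.append(f"{iface}: trustpoint {name} is not defined")
            continue
        cn = re.search(r"CN=([^,]+)", tp.get("subject-name", ""), re.I)
        if not cn or cn.group(1).strip().lower() != tp.get("fqdn", "").lower():
            findings.append(f"{name}: subject-name CN does not match fqdn")
        if tp.get("keypair") not in keys:
            findings.append(f"{name}: keypair is unset or was not generated here")
        if name not in enrolled:
            findings.append(f"{name}: trustpoint was never enrolled")
    return findings

if __name__ == "__main__":
    print(audit(GOOD) or "consistent")
```
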