Security has always been a major concern for most people, and there has been a great deal of research on improving it. Cryptography has been a major area of research for most scientists. Network security is an indispensable part of this. Customers need to trust a network in order to use it, so the users of the network must be well guarded with privacy and security. Confidentiality and integrity must be maintained for people to use a network. The Cisco security certificate mechanism deals with these security aspects of a network. Digital certificates are widely used to authenticate network devices; they play a major role in authenticating users in a network, and they can be used between network nodes to negotiate IPSec sessions.

There are three different ways in which a Cisco device identifies itself in the network.

The first is preshared keys, where two or more devices have the same shared secret key, which the peers use for authentication. They compute a hash over some data and send it in order to authenticate themselves. The receiver is expected to create the same hash and this does not depend on the preshared key. It is based on the concept of using the same secret in order to build trust. This method closely resembles older ways of communicating, and it is not very scalable.

The other popular method is the self-signed certificate, where the device itself is used for this purpose. It generates its own certificate, takes ownership of it, and signs it as valid. Such a certificate has to be used in a limited manner. A very good example of its usage is SSH. HTTPS access is another good example; all it requires is a username and a password, which is the primary requirement for establishing a connection. One must be aware of persistent self-signed certificates, which are able to survive reloads. They can be stored in non-volatile RAM, and this is what makes them persistent. SSL VPN is an excellent example of persistent SSL that uses non-volatile RAM.

Another popular method is the certificate authority, in which a third party is used for the validation process. It authenticates the parties that are trying to communicate. Each party is given a public and a private key. The public key is used for encryption and the private key for decryption. Since the parties are using certificates generated from the same source, they are given assurance of each other's identities. The ASA device can be used to obtain the digital certificate from the third party.

One has to undergo an enrollment process, which can be either manual or automatic. This method and the digital certificate are based on a third-party product, and the certificate service is vendor based. One has to contact the vendor to obtain more information on this. One or more pre-shared keys are used with Cisco Adaptive Security, or third parties are involved in providing digital certificates, which are used in the authentication of IPSec. Self-signed digital certificates can also be produced, which are used with SSH and HTTPS. The Cisco Adaptive Security Device Manager also uses this for its connections to the device.

One can refer to the document in order to understand the procedures for obtaining a digital certificate. This document does not include the procedure for the method of enrollment. The use of ASDM and the final command-line interface can also be found in the document.

Various examples can be consulted for a better understanding of the Cisco IOS platform. A popular example is IOS certificate enrollment. Related examples also help in understanding the VPN 3000 series.

Make sure the following requirements are satisfied before proceeding to configuration.

- Configure your Windows server.
- Make sure your server supports Cisco ASA PIX version 7.0.
- If required, install extra DLL files in order to run Cisco ASA with the Windows server.
- Try to get the add-on DLL with an .exe extension. These help you add your Cisco application easily to the Windows server.
- Make sure the date and time zone are configured properly on the Windows server.

Modules involved

- A recent version of Cisco ASA should be used.
- The Cisco adaptive manager version should be at least 5.0.
- The Windows server should contain its certificate to ensure the program can run properly.
- Added modules: this configuration is also used in the Cisco PIX series.

Step-by-step procedure to configure ASDM

- Click on the ASDM application panel and choose the configuration button.
- Choose device manager from the driver menu.
- Enter the domain and the host name properly.
- After configuration, click the save button.

Configure the ASA with the proper time and date, and make sure the time setting is correct and matches its time zone. To do this configuration, log in to the NTP server.

- Click the application panel and choose clock under device administration.
- You can now see the calendar; choose the correct date and time in the calendar. Click the save button and close the window.

Now let us see how to configure the ASA.

- In the application panel, choose key pair under the certificate option.
- Click the add button; a pop-up asks you to fill in the key name and the key size.
- Click generate key now and close the window.

Let us see the steps to add the network under the trustworthy option in the server.

- Click on the application panel and click add.
- Click edit trustworthy configuration.
- Fill in the available key pair and give the related Microsoft URL address for the key used in the server.

Let us see the steps to configure control retrieval methods.

- Make sure you uncheck the directory access protocol.
- Enable the simple HTTP protocol by putting a check mark in the check box.
- Click the save button and close it.
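The ASDM steps above correspond roughly to the following ASA command-line configuration. This is an added example, not taken from the original page or from Cisco's document. It assumes that the "trustworthy" option is an ASA trustpoint, that "control retrieval" means CRL retrieval, and that the "directory access protocol" is LDAP; the host name, domain, addresses, key label, trustpoint name and URL are constructed placeholders.

```cisco
! Added example: CLI counterpart of the ASDM procedure (ASA 7.x and later).
! Every name, address and URL below is a constructed placeholder.

! Device identity: the host name and domain form the FQDN in the certificate.
hostname asa-example
domain-name example.com

! Time: certificate validity is judged against the ASA clock, so a wrong
! clock makes valid certificates look expired or not yet valid.
clock timezone UTC 0
ntp server 192.0.2.10

! Key pair: a labelled RSA key pair, so the default key used by SSH is untouched.
crypto key generate rsa label example-ca-key modulus 2048

! Trustpoint: ties the key pair to the Microsoft CA enrollment URL.
crypto ca trustpoint EXAMPLE-CA
 enrollment url http://ca.example.com/certsrv/mscep/mscep.dll
 keypair example-ca-key
 ! CRL retrieval methods: LDAP off, HTTP on.
 crl configure
  no protocol ldap
  protocol http

! Checks to run from privileged EXEC after applying the configuration:
!   show clock
!   show crypto key mypubkey rsa
!   show crypto ca trustpoints
```

Enrollment itself is not shown here, since the page leaves that procedure out.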