I generated an Enterprise CA on my domain (secops), and I'm trying to generate an identity cert for a client network so we can use Duo with FMC/FTD. Everything is working from "MY" domain joined computer (following the Microsoft/ISE export/CSR process), I have my ACC-ROOT-CA, pasted the contents into the FTD > Add Cert Enrollment > CA Certificate|Manual page, generated CSR, took the contents and back to the CA server to sign the cert, getting the .cer with my client's certificate information (O=IT, etc). My client gets an authentication server failed and so do I from any non-domain joined computer. How do we create a cert such that any computer with that cert stored in the Trusted Root Cert Authority can pass authentication? Once that is resolved, it will all work b/t Duo SSO and RAVPN with FTD!

Are you talking about from two different FMC, one running 6.4 to the other running 7.0? If so, not that I know of.

What is the exact issue you are having?

If you use switches for border node that can be virtualized, either stackable or stackwise virtual, then do so to minimize the number of BGP connection you will need to fusion device. All the underlay links in the fabric should always be redundant and routed, so no VLAN or STP should exist. You can refer to Cisco recommended design in the SDA CVD below. It covers all the different size deployments.

You are not allowed to view links. Register or Login