Page 1 (diagram: user authentication with MW VPN)

Steps:
   Deliver certificate; participate in crypto
1  Plug in key; start client; issue password
3  Authenticate with MW VPN
4  RDP traffic
5  Customer-defined traffic on defined ports

Authentication process:
1) Was user cert issued by ACS CA?
2) Does user cert OU match one of mine?
3) Do I have the CRL?
4) User not on CRL?
If all are true, user is authenticated.

Components and keys shown:
- User: User Certificate, User Private Key
- ACS Firewall
- Customer VPN Router: Tunnel Cert1, Private K1
- CA Certificate
- Security Firewall
- ACS Certificate Server: CA Certificate, CA Private Key
- Tunnel Cert2, Private K2
- Protocol Disconnect
- Customer Firewall
- ESP
Page 2 (diagram: user authentication with MW VPN, with CRL request)

Steps:
1  Plug in key; start client; issue password
2  Deliver certificate; participate in crypto
3  Authenticate with MW VPN
4  RDP traffic
5  Customer-defined traffic on defined ports

Authentication process:
1) Was user cert issued by ACS CA?
2) Does user cert OU match one of mine?
3) Do I have the CRL?
4) User not on CRL?
If all are true, user is authenticated.

Other labels:
- Request CRL if necessary
- Protocol Disconnect

Components and keys shown:
- User: User Certificate, User Private Key
- ACS Firewall
- Customer VPN Router: Tunnel Cert1, Private K1
- CA Certificate
- Security Firewall
- ACS Certificate Server: CA Certificate, CA Private Key
- Tunnel Cert2, Private K2
- Customer Firewall
- ESP
Page 3 (diagram: requesting and issuing a user certificate)

Steps:
1  Plug in user key; opt: erase key; go to CA web page; generate public/private key; request certificate
2  Admin login to CA; issue certificate manually
3  Go to CA web page; install certificate on key

CA Admin ensures:
- User sets key password
- Key enforces PW complexity rules
- CA and user test logon to VPN router

Flow labels:
- 1: Access CA Webpage; Certificate Request
- 2: Review Cert Request; Issue certificate
- 2: User Certificate, Signed by this CA
- 3: Access CA Webpage
- User Certificate, Signed by CA
- Approved
- Remote Access

Components and keys shown:
- User: User Key, User Certificate, User Private Key
- CA Administrator: Admin Key
- ACS Firewall
- Customer VPN Router: Tunnel Cert1, Private K1
- CA Certificate
- Tunnel Cert2, Private K2
- Jump Host
- Security Firewall
- ACS Certificate Server: CA Certificate, CA Private Key
- Customer Firewall
- ESP