Specifying The Trustpoint - Cisco PIX 500 Series Configuration Manual

Chapter 34 Configuring Easy VPN Services on the ASA 5505
For example, enter the following command to identify the VPN tunnel group named TestGroup1 and the
IKE preshared key my_key123.
hostname(config)# vpnclient vpngroup TestGroup1 password my_key123
hostname(config)#
To remove the attribute from the running configuration, enter the following command:
If the configuration of the ASA 5505 running as an Easy VPN client does not specify a tunnel group, the
client attempts to use an RSA certificate.
For example:
hostname(config)# no vpnclient vpngroup
hostname(config)#

Specifying the Trustpoint

A trustpoint represents a CA identity, and possibly a device identity, based on a certificate the CA issues.
These parameters specify how the security appliance obtains its certificate from the CA and define the
authentication policies for user certificates issued by the CA.
First define the trustpoint using the crypto ca trustpoint command, as described in
Trustpoints" section on page
name the trustpoint identifying the RSA certificate to use for authentication:
trustpoint_name names the trustpoint identifying the RSA certificate to use for authentication.
(Optional) chain sends the entire certificate chain.
For example, enter the following command to specify the identity certificate named central and send the
entire certificate chain:
hostname(config)# crypto ca trustpoint central
hostname(config)# vpnclient trustpoint central chain
hostname(config)#
To remove the attribute from the running configuration, enter the following command:
For example:
hostname(config)# no vpnclient trustpoint
hostname(config)#
OL-12172-03
no vpnclient vpngroup
39-7. Then enter the following command in global configuration mode to
vpnclient trustpoint trustpoint_name [chain]
no vpnclient trustpoint
Specifying the Tunnel Group or Trustpoint
Cisco Security Appliance Command Line Configuration Guide
"Configuring
34-7