The trustpoint can be used for additional things like a certificate for Web services for ASDM instead of using a self signed certificate or for web services for Cut Proxy for instance. It just happens that VPN uses the feature as well. It isn't limited to VPN.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of kamran shakil Sent: Saturday, January 01, 2011 11:00 AM To: [email protected] Subject: [OSL | CCIE_Security] Interesting crypto stuff in MultiMode Context - guys - need clarification on this - plz... ~ I was working in multimode and just surprised myself to find that when i do crypto ( i know that in multi mode asa there is no support for vpn and dynamic routing ) , but i got the following options .... SYSTEM-SPACE/c1(config)# crypto ca ? configure mode commands/options: authenticate Get the CA certificate certificate Actions on certificates crl Actions on certificate revocation lists enroll Request a certificate from a CA export Export a trustpoint configuration with all associated keys and certificates in PKCS12 format, or export the identity certificate in PEM format import Import certificate or pkcs-12 data trustpoint Define a CA trustpoint Now , ????? why will have to make a CA TRUST POINT and ENROLL if i donot have the choice of making VPN in MultiMode..... ??? plz ....need answers.....i want to clarify this with experts !!!!
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
