SSL Cert issue with Digicert SSL applied to Cisco 3945 while using Cloudflare Proxy

Hello

We are an ISP for community banks and we provide VPN services to our customers using 3945 routers within our DCs. These routers have an SSL cert from Digicert to verify the WebVPN portion of this connection. Recently we have been having issues getting DDoS’d on these connections from all over the world and decided to bring this domain into Cloudflare to help mitigate these issues. What we are finding is that when we are in proxy mode our users are unable to connect using the FQDN but can by IP and group key for their respective connection. When they attempt to connect they are presented with the following:

10:21:52 AM Ready to connect.
10:22:02 AM Contacting vpnpa.bitsnetwork.com/key hidden.
10:22:03 AM Connection attempt has failed.
10:22:03 AM No valid certificates available for authentication.
10:22:03 AM Connection attempt has failed.

We have tried changing different settings within our dashboard on the SSL/TLS setting page but we are still getting the same error no matter what I change.

We are currently using the free account and feel this is an issue with the SSL cert that Cloudflare provides us in proxy mode and what is actually on the VPN routers from Digicert. Our question is do we need to import the Digicert cert to Cloudflare or do we need to utilize the cert from Cloudflare and replace the Digicert cert with this one while running in Proxy mode?

We also need to confirm there is no overhead using Cloudflare that will diminish our throughput of the routers as these are rated at 350 Mbps max.

Any assistance would be greatly appreciated as we are expecting a rash of remote users in the coming weeks due to the recent Corona Virus outbreak and want to make sure this will mitigate the DDOS issues.

Thank you
Todd

Cloudflare doesn’t proxy anything other than HTTP/HTTPS, which is probably why the VPN is failing. I would highly recommend you take these questions to sales (click contact sales on https://www.cloudflare.com/) to get something like Spectrum enabled.

2 Likes

Judge

I understand what Cloudflare proxies, and the Cisco WebVPN is HTTPS for our customer base, hence the reason I posted this on the community forum. I know Cloudflare is the cause of the issues, I just can’t isolate the exact issue, which we think is being caused by the SSL cert we have installed for this service and not in Cloudflare. Spectrum is nothing we need at this time.
