I need help or guide about how to setup as state in the title.
Is this configuration can be done? or the self-signed certificate can never be used for VPN certificate.
Unfortunately we can't deploy a dedicated CA Server.
But we can't use preshared-key authentication also because the configuration would force our ASA to disable the "isakmp am-disable" which is unacceptable according to our independent network auditor.
So the best solution i can think is we have to use self-signed certificate to accomodate this.
Please advice me if there is somehow i can use "isakmp am-disable" along with preshared key.
Can i generate certificate using my ASA box ? or i really need to use dedicated CA Server to make it work.
Here is an sample of the self-signed certificate from ASA but i can't import it to my Cisco VPN Client 5.0 it keep say "Error 39: Unable to import certificate"
I'll be very very grateful to any guidance provided.
You need to have a separate CA server to issue the certificates for the client and you need to enroll the ASA to the CA server.
You cant use the self-signed certificate on the ASA for the VPN client.