I have a remote user with an ASA-5505 which needs to establish VPN tunnels to two different ASA-5520s. The remote user has a dynamic IP for his outside address.
I can configure it to work with DefaultL2LGroup for the pre-shared-key, but that creates security conflicts with my remote VPN users which use DefaultL2LGroup.
Is there a way to use digital certificates which I can generate from each ASA-5520, and manually import the public keys into the ASA-5505?
I do have multiple ASA-5505s, but each only has to establish tunnels to the two different 5520s.
All the documentation I can find uses a Microsoft CA and I want to set this up (unless it's a security breach) without one.
Is there a way to do this like with SSH where I can copy the public key to the remote end?