I need to implement IPsec VPN for about 10-15 users. They all use Cisco VPN Client 5.x and we have a Cisco IOS router in the office. We already have a working situation for these users. However, it has become a need that only known devices (company laptops) are allowed to set up a VPN.
I figure the only way to accomplish this is to use certificates. But we don't want to buy certificates if there's a free way to set this up. So my questions are:
1) What options do I have to set up IPsec VPN, where only known devices can successfully set up a VPN and all other unknown devices are blocked?
2) If certificates are the only way, can I somehow produce these certificates myself using a Cisco IOS router?
3) Does anyone have an example of a similar setup/configuration?
Thanks in advance.
Unfortunately, if you connect to an IOS router, there is no other way except using certificates. If you are connecting to a Cisco ASA firewall, then you can identify a company laptop using DAP (Dynamic Access Policy).