My goal is to create a configuration utilizing FlexVPN and the AnyConnect client without using certificates.
In referencing these documents (https://supportforums.cisco.com/docs/DOC-28511), I noticed each guide is referring to EAP, which requires the use of certificates. We are fine with using PSKs.
Can somebody please share an example of how to configure an ISR G2 router with FlexVPN that will support connecting with an AnyConnect client (Win 8, 7, XP, iOS, Android) without the use of certificates with either local DB authentication or RADIUS?
The problem is getting an EKU/KU on the certificate. If you can craft it and make sure it's trusted by all the clients, indeed it's _theoretically_ possible for self-signed to work.
I might not be 100% up to date on this one.