Certificate Requirement for AnyConnect with IPsec IKEv2

Answered Question
Apr 14th, 2014
Hi Everyone,

We are implementing AnyConnect with IKEv2.

Need to know if I can do this without a valid certificate from a CA?

Will this work with an ASA self-signed certificate?

Regards

Mahesh

Overall Rating: 5 (1 ratings)
Correct Answer
Marvin Rhoads Mon, 04/14/2014 - 14:33

Mahesh,

SSL is only used for a few initial steps ("client services" - such as downloading AnyConnect package and profile.xml file) in an IPsec IKEv2 remote access VPN.

Just like with the more familiar SSL VPN, you may use a self-signed certificate on the ASA in conjunction with IKEv2.

Your clients will have to either click past the warning message for the untrusted server every time or else install the ASA's self-signed certificate in their trusted root CA store. With a public CA-issued certificate they won't have to do either of those things.

There are a couple of excellent documents elsewhere here on CSC that you should reference in your deployment. Here are links to them:

Reference #1

Reference #2
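The setup described in the answer above, sketched as an ASA configuration. This is an added example, not part of the original post or of the linked documents; the key label, trustpoint name, FQDN and the interface name `outside` are placeholders chosen for illustration.

```cisco
! Constructed example: VPN-KEY, VPN-SELF-SIGNED, vpn.example.com and
! "outside" are placeholder names, not values from the thread.
crypto key generate rsa label VPN-KEY modulus 2048
!
! Self-signed identity certificate for the ASA
crypto ca trustpoint VPN-SELF-SIGNED
 enrollment self
 fqdn vpn.example.com
 subject-name CN=vpn.example.com
 keypair VPN-KEY
crypto ca enroll VPN-SELF-SIGNED noconfirm
!
! Certificate presented over SSL for the "client services" steps
! (AnyConnect package and profile download)
ssl trust-point VPN-SELF-SIGNED outside
!
! IKEv2 on the outside interface, with client services on TCP 443
crypto ikev2 enable outside client-services port 443
!
! Certificate the ASA uses to identify itself to AnyConnect during IKEv2
crypto ikev2 remote-access trustpoint VPN-SELF-SIGNED
!
! Print the certificate in PEM form so it can be distributed to the
! clients' trusted root CA store instead of users clicking past the warning
crypto ca export VPN-SELF-SIGNED identity-certificate
```

The name clients connect to should match the certificate's CN, and the exported certificate should reach clients over a channel you already trust, since installing it is what replaces the per-connection warning.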

mahesh18 Mon, 04/14/2014 - 16:48

Many thanks.

Link was wonderful.

Regards

Mahesh
