We are implementing Anyconnect with IKEv2 .
Need to know if i can do this without Valid certificate from CA?
Will this work with ASA self signed certificate?
SSL is only used for a few initial steps ("client services" - such as downloading AnyConnect package and profile.xml file) in an IPsec IKEv2 remote access VPN.
Just like with the more familiar SSL VPN, you may use a self-signed certificate on the ASA in conjunction with IKEv2.
Your clients will have to either click past the warning message for the untrusted server every time or else install the ASA's self-signed certificate in their trusted root CA store. with a public CA-issued certificate they won't have to do either of those things.
There are a couple of excellent documents elsewhere here on CSC that you should reference in your deployment. Here are links to them: