04-14-2014 08:03 AM - edited 02-21-2020 07:36 PM
Hi Everyone,
We are implementing AnyConnect with IKEv2.
Need to know if I can do this without a valid certificate from a CA?
Will this work with an ASA self-signed certificate?
Regards
Mahesh
04-14-2014 02:33 PM
Mahesh,
SSL is only used for a few initial steps ("client services" - such as downloading AnyConnect package and profile.xml file) in an IPsec IKEv2 remote access VPN.
Just like with the more familiar SSL VPN, you may use a self-signed certificate on the ASA in conjunction with IKEv2.
Your clients will have to either click past the warning message for the untrusted server every time or else install the ASA's self-signed certificate in their trusted root CA store. With a public CA-issued certificate they won't have to do either of those things.
There are a couple of excellent documents elsewhere here on CSC that you should reference in your deployment. Here are links to them:
04-14-2014 04:48 PM
Many thanks.
Link was wonderful.
Regards
Mahesh