cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1189
Views
0
Helpful
2
Replies

Certificate Requirement for Anyconnect with IPSEC IKeV2

mahesh18
Level 6
Level 6

 

 

Hi Everyone,

 

We are implementing Anyconnect with IKEv2  .

Need to know if i can do this without Valid certificate from CA?

Will this work with ASA self signed certificate?

 

Regards

 

Mahesh

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

Mahesh,

SSL is only used for a few initial steps ("client services" - such as downloading AnyConnect package and profile.xml file) in an IPsec IKEv2 remote access VPN.

Just like with the more familiar SSL VPN, you may use a self-signed certificate on the ASA in conjunction with IKEv2.

Your clients will have to either click past the warning message for the untrusted server every time or else install the ASA's self-signed certificate in their trusted root CA store. with a public CA-issued certificate they won't have to do either of those things.

There are a couple of excellent documents elsewhere here on CSC that you should reference in your deployment. Here are links to them:

Reference #1

Reference #2

View solution in original post

2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

Mahesh,

SSL is only used for a few initial steps ("client services" - such as downloading AnyConnect package and profile.xml file) in an IPsec IKEv2 remote access VPN.

Just like with the more familiar SSL VPN, you may use a self-signed certificate on the ASA in conjunction with IKEv2.

Your clients will have to either click past the warning message for the untrusted server every time or else install the ASA's self-signed certificate in their trusted root CA store. with a public CA-issued certificate they won't have to do either of those things.

There are a couple of excellent documents elsewhere here on CSC that you should reference in your deployment. Here are links to them:

Reference #1

Reference #2

Many thanks.

Link was wonderful

 

Regards

MAhesh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: