I am working on getting Easy VPN Server to work with vpnclient over pub internet. We dont want to use a preshared key or a CA, so im setting authentication with 'authentication rsa-encr' in the IKE policy. I am to understand this can setup public and private keys without actually needing a CA.
I know what I want to do but I am finding it hard to find a config example for both the server and the vpnclient software. I somehow need to generate pub/priv keys on both sides and get the other access to the pub key. Im new to cisco vpn and the ISR router, so Im having trouble with exactly how to setup the key generation between the client and router and get this working.
shared-key does work for me. I have one 2851 ISR router and want to allow home based users the ability to access the corporate WAN with a digital certificate on both sides. I have read several documents from Cisco, but I dont have a CA.
I can use openssl if needed, and did have one key accepted into cut and past but the vpn failed to connect because of a bad key error.
Does anyone have info on this particular setup?