The ACS 4.x and 5.x has the option to generate the self-signed certificate which can be used for PEAP connections. If you want to use the feature called "Validate server certificate" in the client side, you only need to export the self-signed certificate and install it in the client side (PC).
If what you have is an ACS 5.x you have the option to generate the self-signed for management or EAP, in this case you need to select EAP.
If what you have is an ACS 4.x then you can skip the previous step, the same certificate should work.
That's correct, for PEAP you don't need an external CA. The ACS server is capable to generate certificates for your PEAP wired or wireless connections.
Well it's more secure to use the "Validate server certificate" option, however even though if you are not implementing this feature, the users still will need to have a valid username/password to get authenticated.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...