Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Certificate Requirement for Anyconnect with IPSEC IKeV2

 

 

Hi Everyone,

 

We are implementing Anyconnect with IKEv2  .

Need to know if i can do this without Valid certificate from CA?

Will this work with ASA self signed certificate?

 

Regards

 

Mahesh

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Mahesh,SSL is only used for a

Mahesh,

SSL is only used for a few initial steps ("client services" - such as downloading AnyConnect package and profile.xml file) in an IPsec IKEv2 remote access VPN.

Just like with the more familiar SSL VPN, you may use a self-signed certificate on the ASA in conjunction with IKEv2.

Your clients will have to either click past the warning message for the untrusted server every time or else install the ASA's self-signed certificate in their trusted root CA store. with a public CA-issued certificate they won't have to do either of those things.

There are a couple of excellent documents elsewhere here on CSC that you should reference in your deployment. Here are links to them:

Reference #1

Reference #2

2 REPLIES
Hall of Fame Super Silver

Mahesh,SSL is only used for a

Mahesh,

SSL is only used for a few initial steps ("client services" - such as downloading AnyConnect package and profile.xml file) in an IPsec IKEv2 remote access VPN.

Just like with the more familiar SSL VPN, you may use a self-signed certificate on the ASA in conjunction with IKEv2.

Your clients will have to either click past the warning message for the untrusted server every time or else install the ASA's self-signed certificate in their trusted root CA store. with a public CA-issued certificate they won't have to do either of those things.

There are a couple of excellent documents elsewhere here on CSC that you should reference in your deployment. Here are links to them:

Reference #1

Reference #2

Community Member

Many thanks.Link was

Many thanks.

Link was wonderful

 

Regards

MAhesh

309
Views
0
Helpful
2
Replies
CreatePlease to create content