Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Configuring Digital Certificates between a hardware client and EZVPN Server

Dear all,

I'd like to ask whether someone knows how to configure the hardware client using CA?

Normally when using pre-shared key, in the hardware client we only need to configure crypto ipsec client ezvpn <name> and specify the ezvpn group underneath. But I couldn't find a place to configure the group without setting up the key.

Thanks in advance.


James Ren


Re: Configuring Digital Certificates between a hardware client a

Issue the certificate generate request command on the VPN 5000 Concentrator. Type certificate generate request ? in order to see available options. The VPN Concentrator takes a few moments to generate the request and the length of time depends on key length. The show certificate generator command displays the status of the request generation. If you are logged into the console, the "Certificate request is ready" message appears when the generation is complete

Community Member

Re: Configuring Digital Certificates between a hardware client a


Thanks very much for your reply. Indeed the EZVPN Server here I meant was any type of VPN devices including VPN concentrator. I've figured the problem out through the and if the trustpoint is used between the hardware client and the EZVPN Server endpoints, there is no need to configure group on the client side. But the ou in the certificate must be exactly the same with the group configured on the EZVPN Server.


James Ren

CreatePlease to create content