Not sure if I have done this correctly, but I have made the following change to my ASA 5520 using ASDM to try and force VPN clients to use a self assigned certificate from the ASA. I made the following changes:
Remote Access VPN > Network (Client) Access > IPSec(IKEv1) Connection Profiles > Connection Profile > Edit > IKE Peer Authentication > Pre Shared key and pointed the identity certificate to the one I created in the step above.
Having made this change I am still able to VPN without a certificate configured in authentication settings.
I was expecting that the VPN would attempt to issue the self assigned cert to the client machine?
Am I on the right track or have I missed something?
Just to add: I have since tried to export the certificate created above in both .pem and .p12 and .cer files and then imported it into the x509Anchors keychain on Mac 10.7.3; however, when I try to select the certificate option in the Cisco IPSec VPN settings in network connections, I keep getting the following message:
No Machine certificates found
Certificate authentication cannot be used because your keychain does not contain any suitable certificates. Use Keychain Access to import the appropriate certificates into your keychain. If you do not have the certificates required for authentication, contact your network administrator