
AnyConnect VPN with IKEv2 and SCEP Auto-Enrollment


Hi all,

I came across a very odd situation where I was asked to configure double factor authentication for AnyConnect using certificates and LDAP authentication. During my implementation I was asked to configure both Windows Certificate Services with NDES and the ASA AnyConnect, and I found it very troublesome because the Windows installation had to be made on a distributed environment where the main CA was a Windows 2k8 and the NDES certificate service was installed on a 2K12 machine. During my experience I could not find any document teaching exactly how to configure both Windows and the ASA, so this document is intended to share my experience with you guys so that anyone can configure it very easily.

First let's take a look at our topology:

Explaining what was shown:

1 - ASA 5525-X with failover

1 - Windows Server 2008 with DNS, Active Directory and Certificate Services

1 - Windows 2012 with NDES (Network Device Enrollment Services)

1 - iPhone 5 with AnyConnect

1 - MacBook with OS X Lion
