Hi experts, we have a requirement to set up an IPSec VPN tunnel. The requirements are:
1. The certificates used are "copy & paste" certificates from a CA. There is no CA available and reachable from either router.
2. All certificates (Root, Intermediate and ID certificates) are successfully imported.
3. The IKEv2 parameters are defined as IKEv2 Hash = SHA256, DH group = 20, IPSec protocol = ESP, IPSec hash = SHA256 & IPSec encryption = AES256.
4. We have defined 3 trust points, one for each certificate that was successfully imported.
Now the question: we have searched the internet for some clues on how to configure IKEv2 with certificates, but we could not find any except this:
According to the above link, there is a command:
crypto pki certificate map CRT 10
issuer-name co csfc
We do not have the above commands. Are they mandatory? We need to be sure, as we try to understand each command set before we configure this. Any help is appreciated! Thank you!
I've done this many a time.
This post shows you how to enroll a Cisco IOS Router manually (terminal enrollment) and this post shows you how to configure FlexVPN (IKEv2) with certificate authentication (this should help with the query regarding the Cert Map).
If you don't have those commands, what license do you have on the router?
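An added configuration sketch, not part of the thread or of either linked post, showing where the certificate map from the question is consumed in an IKEv2 profile alongside the stated parameters. The object names (PROP, POL, PROF, TS, IPSEC-PROF, ID-TP), the IKEv2 encryption choice, and RSA-signed certificates are assumptions; the thread does not state them.

```cisco
! IKEv2 proposal: integrity SHA256 and DH group 20 as stated in the question.
! The IKEv2 encryption algorithm is not given in the thread; AES-CBC-256 is assumed.
crypto ikev2 proposal PROP
 encryption aes-cbc-256
 integrity sha256
 group 20
!
crypto ikev2 policy POL
 proposal PROP
!
! Certificate map from the question: matches any peer certificate whose
! issuer name contains the string "csfc" ("co" = contains).
crypto pki certificate map CRT 10
 issuer-name co csfc
!
! The IKEv2 profile is where the map is referenced. "match certificate"
! selects this profile for peers whose certificate satisfies the map.
! ID-TP is a hypothetical name for the trust point holding the router's
! own identity certificate.
crypto ikev2 profile PROF
 match certificate CRT
 identity local dn
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint ID-TP
!
! IPsec: ESP with AES256 encryption and SHA256 integrity, as stated.
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile IPSEC-PROF
 set transform-set TS
 set ikev2-profile PROF
```

After a tunnel attempt, `show crypto ikev2 sa detailed` and `show crypto pki certificates` help confirm which profile matched and which certificates are installed.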