Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1130
Views
5
Helpful
2
Replies

IKEv2 Certificate authentication

Go to solution
GeneticOne
Level 1
Level 1

‎06-18-2019 04:49 AM - edited ‎02-21-2020 09:40 PM

Hello all,

 

Is it possible to create two VPN Sessions with one Certificate (Private Key, Public Key)?

The ASA has his own Certificate and can Authenticate the other two but currently only one of the other peers can connect. If the otherone tries to establish a connection the first one will be deleted and the ASA creates a new one.

Both IPSec Gateways have there own Connection Profile but are using the same Certificate.

 

Is this behaviour specified in one of the RFCs to IKEv2 or Certificate authentication?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Shakti Kumar
Cisco Employee
Cisco Employee

‎06-18-2019 11:43 AM

Hi,

 

That is correct, we currently look into the ID payload to maintain crypto session naturally if the certificate is same the ID payload would be same as well in which case the only 1 user can connect.

 

Thanks

Shakti

View solution in original post

2 Replies 2

Go to solution
Shakti Kumar
Cisco Employee
Cisco Employee

‎06-18-2019 11:43 AM

Hi,

 

That is correct, we currently look into the ID payload to maintain crypto session naturally if the certificate is same the ID payload would be same as well in which case the only 1 user can connect.

 

Thanks

Shakti

Go to solution
GeneticOne
Level 1
Level 1
In response to Shakti Kumar

‎06-19-2019 12:10 AM

Thank you for the Info :)

0 Helpful
Customers Also Viewed These Support Documents