L2TP using certificates with ASA as LOCAL CA - Windows 7

Hello, first-time poster. I have recently configured an ASA to accept VPN connections using L2TP. It works fine with pre-shared key and local authentication, as well as PSK and a RADIUS backend.

I am now trying to use digital certificates for the IKE peer, using the ASA as a local CA for testing purposes, but will more than likely migrate the CA to a third party.

I have enabled the Local CA, created the Identity Certificate, and was able to issue my host vpnuser certificate from the ASA.

On my Windows client I have Type of VPN set to: L2TP/IPSEC. Under Advanced I have "Use certificate for authentication", with Data encryption set to "Require encryption" and my Authentication set to "Use EAP Microsoft: smart card or certificate".

When I try to connect I get: IP=xxx.xxx.xxx.xxx, Error processing payload: Payload ID:1

If I switch it back to PSK it works fine.

This is my first time diving into digital certificates, so any help would be appreciated.

3 REPLIES
VIP Mentor

The ASA LocalCA only supports SSL-VPNs. So I wouldn't expect it to work with IPSec.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Thanks, that saves me from continuing to test with that setup. I am working on getting a Windows CA up and running. Have you seen or do you know of any tutorials on using L2TP/IPSEC with certificates without the Cisco Client?

VIP Mentor

Sorry, I'm not aware of any tutorial for that. Just the "normal" config-guides:

http://www.cisco.com/en/US/partner/docs/security/asa/asa84/configuration/guide/vpn_l2tp_ipsec.html

http://www.cisco.com/en/US/partner/docs/security/asa/asa72/configuration/guide/certs.html#wpxref51209
