08-24-2012 11:01 AM
Hello, first-time poster. I have recently configured an ASA to accept VPN connections using L2TP. It works fine with pre-shared key and local authentication, as well as PSK and a RADIUS backend.
I am now trying to use digital certificates for the IKE peer, using the ASA as a local CA for testing purposes, but will more than likely migrate the CA to a third party.
I have enabled the Local CA, created the Identity Certificate, and was able to issue my host vpnuser certificate from the ASA.
On my Windows client I have Type of VPN set to L2TP/IPSEC; under Advanced I have "use certificate for authentication",
with Data encryption set to "require encryption" and my Authentication set to "Use EAP Microsoft: smart card or certificate".
When I try to connect I get: IP=xxx.xxx.xxx.xxx, Error processing payload: Payload ID:1
If I switch it back to PSK it works fine.
This is my first time diving into digital certificates, so any help would be appreciated.
08-24-2012 11:09 AM
The ASA LocalCA only supports SSL-VPNs. So I wouldn't expect it to work with IPSec.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
08-24-2012 11:16 AM
Thanks, that saves me from continuing to test with that setup. I am working on getting a Windows CA up and running. Have you seen, or do you know of, any tutorials on using L2TP/IPSEC with certificates without the Cisco Client?
08-24-2012 11:22 AM
Sorry, I'm not aware of any tutorial for that. Just the "normal" config guides:
http://www.cisco.com/en/US/partner/docs/security/asa/asa84/configuration/guide/vpn_l2tp_ipsec.html