03-11-2014 10:25 AM - edited 02-21-2020 07:33 PM
Hello all,
I am trying to configure up a 2911 via the following link...
http://www.cisco.com/c/en/us/support/docs/security/flexvpn/115014-flexvpn-guide-cert-00.html
(AnyConnect to IOS Headend Over IPsec with IKEv2 and Certificates Configuration Example)
The only difference, is that I need the IOS router in the example (bsns-1941-4) to also be the IOS CA router (unlike the example which uses a different router, bsns-1941-3, as the CA). I am new to Client VPN and Certs so I am not sure what I am missing.
Is that even possible? Can a VPN headend use a certificate from itself (because it is the CA)? If so, what would that part of the configuration look like?
Thanks!
Ian
03-12-2014 12:42 AM
03-13-2014 06:17 AM
Thanks Marcin. Yeah, it is our OOB router so only about 4 people will be using it - not large at all. :-) I would have used another router as the CA but it is the only IOS router in the install (everything else is running NX-OS)
Do you have a good link on the CA set-up and enrolement procedure? I tried the link below but the 2911 does not have any of the "crypto ca" commands...
http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/50282-ios-ca-ios.html
Thanks
03-13-2014 07:29 AM
Nevermind - replacing the "ca" with "pki"
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: