Solved: How to configure VPN on Cisco 2901 to use digital certificates

brcruz001 · ‎06-24-2017

Hi There!

I'm currently using my 2901 to enable VPN access through PPTP and would like to enable digital certificates for VPN access in order to enhance security. I couldn't find much info about this setup on the web. I've got two questions in my mind:

1 - I have a fairly simple setup and no CA on my network. Can I use the 2901 to create the certificate for my VPN clients?

2 - How can I configure my 2901 to work with this setup?

Thanks!

Philip D'Ath · ‎06-26-2017

PPTP is effectively deprecated. You should expect poor or buggy support.

This is an example I wrote of how to deploy Cisco AnyConnect on an IOS router using IKEv2 and certificates.

http://www.ifm.net.nz/cookbooks/Cisco-IOS-router-IKEv2-AnyConnect-Suite-B-Crypto.html

View solution in original post

Philip D'Ath · ‎06-26-2017

PPTP is effectively deprecated. You should expect poor or buggy support.

This is an example I wrote of how to deploy Cisco AnyConnect on an IOS router using IKEv2 and certificates.

http://www.ifm.net.nz/cookbooks/Cisco-IOS-router-IKEv2-AnyConnect-Suite-B-Crypto.html

brcruz001 · ‎06-26-2017

Philip,

Fantastic, thank you for the direction. My clients will be using iphones to log on VPN. Should I follow the same recipe to import the certificates (just drop .pem files of the iPhone)?

Philip D'Ath · ‎06-26-2017

Use the Cisco AnyConnect VPN client on iPhone to connect.

I believe you can just email the certificate to the user and then have the user double click on it to install the certificate.