IPSec VPN for ASA5512X

TVPLCISCO
Level 1

I have been configuring an ASA 5512X for IPSec VPN for the last couple of days. I use the ASA5512X as a local certificate server. I have created Identity Certificates. Then I created an IPSec VPN group with the certificate option instead of group authentication. Everything has been configured accordingly. I have also exported the CSR certificates from the ASA to a local PC. But when I try to connect to the ASA from the PC with the Cisco VPN client, I need a profile certificate (.pcf). Please guide me on how to generate a .pcf certificate from the self-signed identity certificate server of the ASA5512X.

4 Replies

You are using the wrong client. The local CA of the ASA only supports AnyConnect with SSL/TLS, but not the legacy VPN-Client.

More information on the local CA can be found in the config-guide:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/aaa_certs.html#pgfId-1125280

What I need is certificate authentication instead of group authentication, with a self-signed certificate generated locally on the ASA 5512X. The certificate must be unique for each user so that no user would be able to log in with his or her credentials from any other machine. But I could not find any solution at the provided URL.

Please guide me.

You should be able to create user certificates via the procedure in the document Karsten pointed you to. Reference. Few people use the ASA as a CA though as it is not a very sustainable or scalable solution.

The users would then need to download those certificates into their local certificate store. With that in hand, they could then create the pcf file locally and specify certificate authentication, choosing that newly downloaded certificate.

Of course you would be using a discontinued client that will not be supported for Windows 8 and later OS. 

Can anybody provide me the certificate authentication solution in ASDM?