Remote access VPN with IPsec, IKEv1and internal MS CA certificates

fherlan · ‎05-15-2021

Hi all.

I am trying to set up remote access VPN from a Windows client to an ASA running 9.12 software.

The requirements I have:

- IPsec with IKEv1

- Certificates from our internal Microsoft CA should be used for authentication

- Windows 10 VPN client should be used

Has anyone been able to set this up?

I got it working with PSK/XAUTH, but no luck with certificates.

Any help would be appreciated!

Cheers

Frank

Karsten Iwen · ‎05-15-2021

I would avoid all these struggles and directly use AnyConnect.

fherlan · ‎05-16-2021

Thanks for the reply - but that wasn´t exactly the answer I was looking for...

Karsten Iwen · ‎05-16-2021

Yes, I expected that. But you try to implement it in a ways that Cisco abandoned a decade ago. Most people (myself included) have moved on for easier implementation and better security.

fherlan · ‎05-16-2021

Easier implementation and better security is IMHO highly debateable. When I think about the countless security advisories regarding AnyConnect...

Also I can´t think of easier implementation if you have a working AD.

And then there is the costs. AnyConnect doesn´t come for free.

Just BTW: The Win 10 build-in VPN client would also support IKEv2. But same story - I haven´t found a working configuration anywhere -> which is why I came here (to ask) in the first place