
Setting up IKEv2 Cert based VPN using native VPN client on macOS Sierra/High Sierra

Mohamed Hamid
Level 1

Hi there

I have many users who complain that AnyConnect does not behave well in conditions of poor internet connectivity, i.e. public areas or travelling on a train, etc.

In addition to this, my user base is looking for a more streamlined VPN experience where the user rarely interacts with the VPN client and it more or less works in the background.

As such, I have been looking at using the native VPN client on macOS. My VPN is the following:

  • IKEv2
  • Cert Based
  • AnyConnect XML Profile Instructs AnyConnect which Client Certificate to choose (which sits in user keychain) 

When setting up the native VPN, I have the following queries:

  1. What value goes in local ID and Remote ID?
  2. Choosing the VPN concentrator hostname for remote ID and the client certificate common name for local ID does not work. The ASA does not recognise the authentication method. 

Am I missing something here? Surely others have set up an IKEv2 native VPN on macOS which uses cert based auth.

Kind Regards

2 Replies

Philip D'Ath
VIP Alumni

Here is a guide I wrote for setting most of this up when using an IOS head end.

http://www.ifm.net.nz/cookbooks/Cisco-IOS-router-IKEv2-AnyConnect-Suite-B-Crypto.html

Hi there

Thank you for the guide, but this is not what I am asking about.

To clarify, I have already set up the VPN settings on the Cisco device and use Cisco AnyConnect; I have no issues with this setup.

I am now looking to use the native VPN client on macOS, and with IKEv2 + cert based authentication it is not straightforward.