Setting up IKEv2 Cert based VPN using native VPN client on macOS Sierra/High Sierra

Hi there

I have many users who complain that AnyConnect does not behave well in conditions of poor internet connectivity, i.e. public areas or travelling on a train etc.

In addition to this, my user base is looking for a more streamlined VPN experience where the user rarely interacts with the VPN client and it more or less works in the background.

As such, I have been looking at using the native VPN client on macOS. My VPN is the following:

  • IKEv2
  • Cert Based
  • AnyConnect XML profile instructs AnyConnect which client certificate to choose (which sits in the user keychain)

When setting up the native VPN I have the following queries:

  1. What value goes in local ID and Remote ID?
  2. Choosing the VPN concentrator hostname for remote ID and the client certificate common name for local ID does not work. The ASA does not recognise the authentication method. 

Am I missing something here? Surely others have set up an IKEv2 native VPN on macOS which uses cert based auth.

Kind Regards

2 REPLIES

Here is a guide I wrote for setting most of this up when using an IOS head end.

http://www.ifm.net.nz/cookbooks/Cisco-IOS-router-IKEv2-AnyConnect-Suite-B-Crypto.html

Hi there

Thank you for the guide but this is not what I am asking about.

To clarify, I have already set up the VPN settings on the Cisco device and use Cisco AnyConnect; I have no issues with this setup.

I am now looking to use the native VPN client on macOS, and with IKEv2 + cert based authentication it is not straightforward.