Hello,
So today I am working on a site-to-site VPN in a test environment. I have the VPN built using a pre-shared key and verified connectivity from end to end. What I am looking to test is changing the pre-shared key to certificate-based authentication to build the tunnel. I have never used certificate authentication for building a VPN connection, so I'm sure I'm missing a step or two in setting this up.
My steps:
1. Load the identity certs in both ASAs.
2. Load the CA certs in both ASAs.
3. Change the connection profiles to use the identity certificates for IKEv1 and IKEv2. Basically, anywhere there is a pre-shared key, I changed it to the identity certificates.
If anyone has any advice or has done this before, I would greatly appreciate any advice. Thanks!
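
Added example, not part of the original post: a small Python check that scans an exported ASA running-config for pre-shared-key settings still present after a migration like the one in step 3. The sample config is constructed (peer address, trustpoint name and policy numbers are assumptions), and the function name `audit_cert_migration` is hypothetical.

```python
import re

# Constructed sample in ASA running-config syntax; peer address, trustpoint
# name and policy numbers are made up for this example.
SAMPLE_CONFIG = """\
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 ikev1 trust-point ID-CERT
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication certificate ID-CERT
"""

TUNNEL_ATTRS = re.compile(r"tunnel-group \S+ ipsec-attributes$")

def audit_cert_migration(config):
    """Return (section, finding) pairs for pre-shared-key settings left in the config."""
    findings = []
    section = ""
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):  # a top-level line opens a new section
            section = line.strip()
            continue
        setting = line.strip()
        if section.startswith("crypto ikev1 policy ") and setting == "authentication pre-share":
            findings.append((section, "policy still offers pre-share instead of rsa-sig"))
        elif TUNNEL_ATTRS.match(section) and " pre-shared-key" in setting:
            # Report the keyword path only, never the key field itself.
            method = setting.split(" pre-shared-key")[0]
            findings.append((section, "pre-shared key still set: " + method))
    return findings

if __name__ == "__main__":
    for section, finding in audit_cert_migration(SAMPLE_CONFIG):
        print(f"{section}: {finding}")
```

Running it against the config of both peers shows whether the two ends agree on certificate authentication for each IKE version.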