@whughes123 you can use either a Windows CA order run a CA server on the IOS router itself.

Examples:

https://integratingit.wordpress.com/2017/08/26/cisco-ios-certificate-enrollment-via-scep/

https://integratingit.wordpress.com/2019/03/26/cisco-ios-certificate-authority/

there is bug prevent using self signed Cert in IKEv2 anyconnect 
you need to use Win Server as CA
MHM

Roger that, so I have a very specific situation but I'm sure unlimited options as to go about solving my problem. I need to meet CMMC compliance, so data in transit must be encrypted. I have 20 engineers that VPN into a file server from around the country. Currently they use OpenVPN which is configured on a commercial ASUS router. I bought a Cisco ISR 1100 router for a few reasons, but I'm trying to work it into the equation, and I need ideas as the best way to go about it. I have attached a network diagram of my current setup in my building. Any help or suggestions or direction would be greatly appreciated!!

Once you are connected VPN all the Access to Servers will be Secured, You can use PKI infrastructure - you can use MS CA or Router as CA for the certs.

The router come with cert already -

crypto pki trustpoint SLA-TrustPoint

 check @Rob Ingram already provided the link Router can ACT as CA. (make sure your PC can trust that certs.

I'm going to get working on this Monday! I saw the SLA-TrustPoint cert in my config and assumed that's what it was. I have a Windows Server 2022 VM but I wonder if it matters the version (Standard, Data Center, Essentials) 

@Rob Ingram I'm going to try to get this setup using the links you provided and I will get back with you guys as soon as I get back in town and have time to set it up. Might be a few days.

Thank you guys SO MUCH for your help!