Before configuring the ASA firewall for IPSec using an external certificate authority, you must disable the local CA on the ASA firewall to ensure that certificates are authenticated against the external CA.

  1. Log into the Cisco Adaptive Security Device Manager (ASDM) to configure your ASA firewall.

    Certs_Cisco_IPSec2

  2. Navigate to Configuration > Remote Access VPN > Certificate Management > Local Certificate Authority > CA Server .
  3. select Disable.
  4. Select OK.

    Certs_Cisco_IPSec3

Next, you must Configure IPSec VPN.