IPSec w/ Certs - What do you put in SANs, Cert ID?

Question

I'm setting up IPsec tunnels between HO and several branch offices using IPSec with certificates. I'm confused what to put in the SANs or Cert identifier fields. I played with the Cert Identifier using DNS names but it looks like they all have to resolve and be unique for every site which is not possible. What would be the easiest way to set this up?

This thread was automatically locked due to age.

Erick Jan · Answer

Hi ArtL, 
 Thank you for contacting Sophos Community. 
 For SANs, define it on which your certificate will be valid. Kindly try the IP address or FQDN of your domain and firewall. 
 
 Have you tried this KB : Establish a Site-to-Site IPsec VPN connection using digital certificates

IPSec w/ Certs - What do you put in SANs, Cert ID?

Top Replies