
Cisco IKEv2 ipsec with Anyconnect - DHCP Issue

Hi,

I have a successful configuration with AnyConnect connecting to a router with IKEv2 IPsec. The problem is that I'm migrating the local pool to a DHCP server, but the DHCP server is offering the same IP address to all connections; looking at the leases, the DHCP server learns all connections with the router hostname. Is there a statement I can change to identify every host connected to the AnyConnect profile?


nkarthikeyan
Level 7

Hi Alex,

 

Can you post your AnyConnect configuration and the DHCP settings on your router?

 

Regards

Karthik

Karthik,

 

      As requested, I'm sending them above:

 

crypto ikev2 authorization policy AC-POLICY
 dhcp server 192.168.160.22
 dhcp giaddr 10.1.20.1
 dns 192.168.160.22 10.40.10.12
 netmask 255.255.255.0
 banner ^C Bem-vindo ^C
 def-domain br.domain.com
!
crypto ikev2 profile ANYCONNECT-PROFILE
 match identity remote address 0.0.0.0
 identity local fqdn vpn.vpn.com
 authentication remote eap query-identity
 authentication local rsa-sig
 pki trustpoint Cert-CA
 dpd 60 2 on-demand
 aaa authentication eap vpn-radius
 aaa authorization group eap list vpn-radius AC-POLICY
 aaa authorization user eap cached
 aaa accounting eap Accounting-RADIUS
 virtual-template 1
!
crypto ipsec profile PROFILE-ANYCONNECT
 set ikev2-profile ANYCONNECT-PROFILE
!
interface Virtual-Template1 type tunnel
 ip unnumbered GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile PROFILE-ANYCONNECT
!

 

Best regards,

 

Alexsandro Reimann.

Hi Alex,

 

I guess you are using local AAA with EAP authentication and DHCP settings based on authorization? Your method of VPN is a FlexVPN kind, right?

 

Regards

Karthik
