08-11-2014 06:48 AM - edited 02-21-2020 07:46 PM
Hi,
I have a successful configuration with AnyConnect connecting to a router with IKEv2 IPsec. The problem is I'm migrating the local pool to a DHCP server, but the DHCP server is offering the same IP address to all connections. Looking at the leases, the DHCP server learns all connections with the router hostname. Is there a statement to change to identify every host connected to the AnyConnect profile?
08-11-2014 10:35 AM
Hi Alex,
Can you post your configurations of anyconnect and dhcp settings on your router?
Regards
Karthik
08-11-2014 12:20 PM
Karthik,
As requested, I'm sending them above:
crypto ikev2 authorization policy AC-POLICY
 dhcp server 192.168.160.22
 dhcp giaddr 10.1.20.1
 dns 192.168.160.22 10.40.10.12
 netmask 255.255.255.0
 banner ^C Bem-vindo ^C
 def-domain br.domain.com
!
crypto ikev2 profile ANYCONNECT-PROFILE
 match identity remote address 0.0.0.0
 identity local fqdn vpn.vpn.com
 authentication remote eap query-identity
 authentication local rsa-sig
 pki trustpoint Cert-CA
 dpd 60 2 on-demand
 aaa authentication eap vpn-radius
 aaa authorization group eap list vpn-radius AC-POLICY
 aaa authorization user eap cached
 aaa accounting eap Accounting-RADIUS
 virtual-template 1
!
crypto ipsec profile PROFILE-ANYCONNECT
 set ikev2-profile ANYCONNECT-PROFILE
!
interface Virtual-Template1 type tunnel
 ip unnumbered GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile PROFILE-ANYCONNECT
!
Best regards,
Alexsandro Reimann.
08-11-2014 11:23 PM
Hi Alex,
I guess you are using local AAA with EAP authentication and DHCP settings based on authorization? Your method of VPN is a FlexVPN kind, right?
Regards
Karthik