Have approx 50-60 EZVPN Clients terminating on our Server. I would like it so that each ezvpn client is give a static ip address, nainly for management polling. The only way I can get ezvpn to work at the moment is with a DHCP on the Cisco ACS Server, the pool is assigned to the EZVPN Group.
If you are using Radius, you can configure the Framed-IP Address attribute to pass the ip address for the user that has been authenticated. Assigning an ip address per user is the best approach you have.
Thank you for your reply, but correct me if im wrong here. But isent the IP Address assigned to the client at IKE stage of the IPSec setup. The username authentication comes afterwords.
Just to confirm, what you are saying. There are two authentications per setup, first one is Group Name/Password and the second one is the ezyvpn username password.
Which one are you refering too. Just to let you know that all our clients use the same Group Name/Password for the IKE stage, only difference between clients is the ezvpn username/password. All clients are part of the same customer.
IP address assignment comes on the MODE CONFIG message/stage if the EZVPN setup, MODE CONFIG comes after IKE has been completed and for IKE (Phase 1) to be complated Xauth needs to be succesful hence user authentication comes before the ip address is assigned.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...