10-10-2016 07:49 AM - edited 03-12-2019 01:22 AM
Good Day,
Is it possible to configure IKEv2 Ipsec VPN without a AAA server? Or at the very least use the ASA 5508x as a AAA server for VPN users?
Solved! Go to Solution.
10-10-2016 12:55 PM
Hi,
I have attached the ASDM screenshot for doing both LOCAL authentication and DHCP address assignment for the VPN users.
Regards,
Aditya
Please rate helpful posts and mark correct answers.
View solution in original post
10-10-2016 08:34 AM
Yes you can do that.
Under the tunnel group config you need to define authentication server as local.
tunnel-group TEST type remote-accesstunnel-group TEST general-attributesno address-poolno ipv6-address-pool authentication-server-group LOCAL
10-10-2016 10:27 AM
Is it possible to do this via ASDM?
As i have never used CLI to configure a IKEv2 VPN before.
10-10-2016 12:34 PM
Apologies as I was not able to find it from the ASDM.
But the CLI commands shared would enable local authentication.
Let me know if you face any issues.
10-10-2016 12:41 PM
Thanks,
I have no idea what the CLI commands are
I want to create the IKEv2 Ipsec VPN on my outside interface with a dhcp pool of 192.168.250.1-253 and i want it to block access to my inside address of 10.0.0.0 and 192.168.10.0
10-10-2016 01:05 PM
Is the attached correct?
i added the anyconnect client to the anyconnect client software tab also.
10-10-2016 08:44 PM
Yes that is correct.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community
