Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Objective: Use ASA to support native VPN client for RA on current versions of Android, Windows 10/11 (and possibly others) using supported types such as IKEv2/IPSec+EAP/MSCHAPv2 for authentication.An ASA (ASA5516/9.12) is currently used for IKEv1/LT2...
I have what I think is a fairly straightforward configuration, though I cannot quite seem to get it working. I need to have a few different DMZ hosts with PAT on a specific IP (that's not the ASA interface IP), where also if one of these hosts initi...
On ASA IPv4 "dual ISP" failover is well documented (ex: here and here) and works well. Is this a supported feature for IPv6?Also, are there any technical documents that describe best practices for configuring IPv6 with two ISPs on a Cisco ASA?Thanks!...
I decided to give this another try, this time using certificate with EAP-MSCHAPv2, again with local authentication. The certificate validation succeeds but finally fails on authentication with this message, implying a username/password issue.IKEv2-P...
Removed it on both tunnel-groups, but still getting hung up in the same place. I don't see any mentions of tunnel-groups/crypto maps in the debug, so is this happening before those?IKEv2-PROTO-4: (150): Searching policy based on peer's identity 'VPNG...
Yeah, that was the link I referenced - it had a lot of good information. Following as closely as I could is where I got where the policy was attempting to match on `IPv4 address` (which isn't how the example was working) so wasn't able to get any fur...
