Hi, I am using Cisco’s proprietary protocol AnyConnect-EAP for double-authentication (username/pw and machine certificate) together with an external Windows 2019 RADIUS server. The authentication works, but why does the router communicate only over PA...
Hi, I would like to connect to an IOS Router (C881G-4G-GA-K9, version 15.8(3)M7) with AnyConnect (4.10.x) and 2 factor authentication (username/pw and machine certificate verification). The connection works with the following ikev2-profile-config and w...
Hi, what do I have to configure on an IOS router so that the DHCP requests from an AnyConnect client are forwarded to a Microsoft DHCP server? Is that even possible or does it work only with a local IP pool (ip local pool POOL-NAME START-IP END-IP)? I’...
Hi, I would like to be informed of an ACL hit (deny, standard severity level is 6) via syslog or SNMP trap or email, but I want to keep the general logging trap error (3) on the Cisco IOS router. Any idea how to configure this? Thx!
Hi, following scenario… We have a Cisco ASA firewall with ONE default static route to our external interface with a fast connection to the internet. Besides this we have another external interface which also has an internet connection but over a different ...
Hi, I finally made it and the double-authentication, username/pw (checked by a RADIUS server) AND machine certificate-check, works. Additionally we keep the “match identity remote key-id ABC-Lab” from the old config. In our case we use an Issuing-CA, a...
Thanks for the fast reply and the link, but I should have mentioned that I am looking for a config which checks, besides the username/pw, also the client machine certificate from an IPsec AnyConnect connection related to a Windows RADIUS server. The conf...
Thanks for your suggestion, but I use this configuration and get only syslog messages with a severity level of 3 and lower. So no messages of any hit, because these messages use the severity level of 6, but as I mentioned, I don't want to change the ...
Thanks for your help but I actually don't want to have a second default route.I've actually been looking more for this solution: sla monitor 1 type echo protocol ipIcmpEcho NEXT-HOP-IP interface EXTERN-INTERFACE frequency 10 timeout 5000sla monito...
Hi,
Thanks for your fast reply.
We only have one IP range on the outside interface and the server is accessible via one IP of this range with NAT (like Rahul wrote) from outside and the clients also get a public IP address from this range when th...