Hi,I am using the Cisco’s proprietary protocol AnyConnect-EAP for double-authentication (username/pw and machine certificate) together with an external Windows 2019 radius server. The authentication works, but why communicates the router only over PA...
Hi,I would like to connect to an IOS Router (C881G-4G-GA-K9, version 15.8(3)M7) with AnyConnect (4.10.x) and 2 factor authentication (username/pw and machine certificate verification).The connection works with the following ikev2-profile-config and w...
Hi,What do I have to configure on an IOS router, so that the DHCP request from an AnyConnect client are forwarded to a Microsoft DHCP server. Is that even possible or does it work only with a local IP pool (ip local pool POOL-NAME START-IP END-IP) I’...
Hi, I would like to get informed on an ACL hit (deny, standard severity level is 6) via syslog or snmp trap or email, but I want to keep the general logging trap error (3) on the Cisco IOS router. Any idea how to configure this? Thx!
Hi,Following scenario…We have a Cisco ASA firewall with ONE default static route to our external interface with a fast connection to the internet.Besides this we have another external interface which has also internet connection but over a different ...
I think you got me wrong. Yes, AnyConnect with IPsec works with these routers (ISR 4321 / Cat8K), but if you have a DS-Lite connection at home, then it doesn't work.Only RA VPN SSL works with this technology. So, we would like to change the configura...
Thanks for your feedback and the link. I am wondering why this feature is only supported on just these three hardware platforms and not more. Because of DS-Lite we have more and more colleagues who are not able to connect to the branch offices anymor...
We would like to change from AnyConnect with IPsec to SSL. Is it ture, that AnyConnect with SSL works only on the hardware platforms ISR 4431, 4451 and 4461? And not for example on ISR 4321 or C8200 router? (With IOS-XE 17.9.x)
Hi,I finally made it and the double-authentication, username/pw (checked by a radius server) AND machine certificate-check, works. Additionally we keep the “match identity remote key-id ABC-Lab” from the old config.In our case we use an Issuing-CA, a...
Thanks for the fast reply and the link, but I should have mentioned that I am looking for a config which checks beside the username/pw also the client machine certificate from an IPsec AnyConnect connection related to a Windows radius server.The conf...
