FlexVPN with certificate-based AAA authentication on IR829 clients routers

Hello dear Cisco community!

 

I need some help regarding FlexVPN configuration. 

I have a "central" router used as a VPN concentrator for several IR829 routers (4G mobile routers). 

Those routers use rsa-sig authentication on their ikev2 profile. The certificate is then checked by our "central" router. 

 

I would like to offload the authentication for those FlexVPN on ISE. I saw several configuration examples for AnyConnect authentication, but not for client routers using certificates.

Could you help? 

 

 

Anthony 

3 REPLIES

RJI (VIP Advocate)

Re: FlexVPN with certificate-based AAA authentication on IR829 clients routers

Hi,

RADIUS would be used for Authorization, authentication of certificates would still be between routers. This example here shows the configuration of FlexVPN routers and ISE for authorization.

 

HTH

Re: FlexVPN with certificate-based AAA authentication on IR829 clients routers

Hi!

Thanks for your answer. So there's no way to offload the complete process (authentication + authorization) to an external AAA server?

 

 

Antho

RJI (VIP Advocate)

Re: FlexVPN with certificate-based AAA authentication on IR829 clients routers

Hi,
If you are using certificate authentication, the authentication is always between the routers themselves. External RADIUS is for authorization... you could still use the RADIUS server to permit/deny the session - this would be in addition to the authentication of the certificates between the routers.

HTH
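
The split described in the replies above, sketched as a hub-side IOS configuration. This is an added example, not part of the original thread and not taken from the configuration guide the reply links to. All names (`ISE1`, `ISE-GROUP`, `FLEX-AUTHZ`, `SPOKES`, `CERT-CN`, `HUB-TP`, `FLEX-HUB`), the `192.0.2.10` address, the `ou = spokes` match and the bracketed secrets are constructed placeholders.

```cisco
! Assumed names and addresses throughout; adapt to the real deployment.
aaa new-model
!
! RADIUS server (ISE) used only for authorization of the IKEv2 session.
radius server ISE1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <radius-shared-secret>
!
aaa group server radius ISE-GROUP
 server name ISE1
!
! Network authorization method list referenced by the IKEv2 profile.
aaa authorization network FLEX-AUTHZ group ISE-GROUP
!
! Select which spoke certificates this profile accepts.
crypto pki certificate map SPOKES 10
 subject-name co ou = spokes
!
! Derive the RADIUS username from the certificate's common name.
crypto ikev2 name-mangler CERT-CN
 dn common-name
!
crypto ikev2 profile FLEX-HUB
 match certificate SPOKES
 identity local dn
 ! Authentication: certificate signatures are verified on the hub itself
 ! against the trustpoint. ISE is not involved in this step.
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint HUB-TP
 ! Authorization: after the certificate check succeeds, the hub sends an
 ! Access-Request to ISE with the mangled CN as username. An Access-Reject
 ! denies the session; an Access-Accept can carry per-spoke attributes.
 aaa authorization user cert list FLEX-AUTHZ name-mangler CERT-CN password <authz-password>
 virtual-template 1
```

On the ISE side, each spoke's common name has to exist as an identity whose password matches the one sent by the hub, so disabling or removing that identity blocks the spoke even while its certificate is still valid.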