Hello dear CISCO community !
I need some help regarding FlexVPN configuration.
I have a "central" router used as a VPN concentrator for several IR829 routers (4G mobile routers).
Those routers use rsa-sig authentication on their ikev2 profile. The certificate is then checked by our "central" router.
I would ilke to offload the authentication for those FlexVPN on ISE. I saw several configuration examples for anyconnect authentication, but not for client routers using certificates.
Could you help?
RADIUS would be used for Authorization, authentication of certificates would still be between routers. This example here shows the configuration of FlexVPN routers and ISE for authorization.
Thanks for your answer. So there's no way to offload the complete process (authentication + authorization) to an external AAA server ?