03-14-2019 04:58 AM
Hi Experts,
I need help configuring an IKEv2 profile for a VRF to restrict other VRF users.
AnyConnect Client 4.5 is using FlexVPN using AnyConnect-EAP authentication with an IKE ID for matching remote key identity.
Also, we are using a local AAA database (no RADIUS/TACACS).
If I get the IKE ID of any other tenant and use it in my AnyConnect profile, I can connect to another tenant's network.
I hope this can be restricted using the name-mangler option in aaa authorization group/user in the IKEv2 profile, but I found limited examples for implementing it with local AAA.
Please find the configuration snapshot.