
Cisco IKEv2 ipsec with Anyconnect - DHCP Issue

Hi,

   I have a successful configuration with AnyConnect connecting to a router with IKEv2 IPsec. The problem is I'm migrating the local pool to a DHCP server, but the DHCP is offering the same IP address to all connections; looking at Leases, the DHCP server learns all connections with the router hostname. Is there a statement to change to identify every host connected to the AnyConnect profile?


nkarthikeyan
Level 7

Hi Alex,

 

Can you post your configurations of anyconnect and dhcp settings on your router?

 

Regards

Karthik

Karthik,

 

      As requested, I'm sending them above:

 

crypto ikev2 authorization policy AC-POLICY
 dhcp server 192.168.160.22
 dhcp giaddr 10.1.20.1
 dns 192.168.160.22 10.40.10.12
 netmask 255.255.255.0
 banner ^C Bem-vindo ^C
 def-domain br.domain.com
!
crypto ikev2 profile ANYCONNECT-PROFILE
 match identity remote address 0.0.0.0
 identity local fqdn vpn.vpn.com
 authentication remote eap query-identity
 authentication local rsa-sig
 pki trustpoint Cert-CA
 dpd 60 2 on-demand
 aaa authentication eap vpn-radius
 aaa authorization group eap list vpn-radius AC-POLICY
 aaa authorization user eap cached
 aaa accounting eap Accounting-RADIUS
 virtual-template 1
!
crypto ipsec profile PROFILE-ANYCONNECT
 set ikev2-profile ANYCONNECT-PROFILE
!
interface Virtual-Template1 type tunnel
 ip unnumbered GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile PROFILE-ANYCONNECT
!

 

Best regards,

 

Alexsandro Reimann.

Hi Alex,

 

I guess you are using local AAA with EAP authentication and DHCP settings based on authorization? Your method of VPN is a FlexVPN kind, right?

 

Regards

Karthik