Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1505
Views
0
Helpful
3
Replies

FlexVPN for anyconnect remote access with local authentification

ngtransge
Level 1
Level 1

‎01-26-2015 05:37 AM - edited ‎02-21-2020 08:02 PM

Hello,

 

 

I am interesting if it is possible to configure ISR 1941 Router as FlexVPN Server, with simple local user/password authentication, without certificate and external RADIUS server and connect with AnyConnect VPN client. Can you provide configuration templates for this kind of configuration ?

 

 

Thank you,

Labels:
0 Helpful
3 Replies 3

Graham Bartlett
Cisco Employee
Cisco Employee

‎02-02-2015 12:59 PM

Hi


To answer your question bluntly, but 'no', for username/password (EAP) authentication a certificate is required for the headend (as mandated by the IKEv2 RFC).

 

There's a feature request for IOS to act as a RADIUS device, but i've seen no traction on this since I raised it..

 

Sorry.

 

Maybe you could look at using certificates and the 1941 as the CA ?

cheers

0 Helpful

Jacob Zartmann
Level 1
Level 1

‎07-02-2018 05:36 AM

Hi,

 

I'm looking into this:

https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.html#anc6

 

But no "luck" getting it to work.

0 Helpful

Calob
Level 1
Level 1
In response to Jacob Zartmann

‎04-03-2019 01:17 AM

im facing the same issue, i have no idea why this is not working.

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents