04-12-2018 11:28 AM - edited 03-12-2019 05:11 AM
Dear all,
I'm trying to configure FlexVPN on a 4351 router and some strange behavior is happening.
When the VPN is established, the client gets the ACS IP, in this case 10.1.1.198. It looks like a bug.
The pool is configured.
Can someone help me?
Thank you.
VPN configuration attached.
04-12-2018 01:27 PM
Hi,
The issue does sound bizarre, not something I've seen.
I've had a quick look at the configuration. Although you've got authorization defined for radius group ACS in the IKEv2 profile, you are using a local authorization method list "test-auth"; this method list does not instruct the virtual-template which source IP address to use. The configuration of the virtual-template is set to "no ip address"; in my experience this works if the AAA server then instructs the router which loopback to use depending on authorisation.
In short, I think if you just define a local loopback interface with an IP address and then configure the virtual-template with "ip unnumbered loopback X", this should work.
HTH
04-12-2018 06:13 PM
Thanks for responding.
It didn't work. I tried adding this:
interface Loopback200
 ip address 10.96.200.254 255.255.255.0
interface Virtual-Template20 type tunnel
 ip vrf forwarding INET1
 ip unnumbered Loopback200
 tunnel mode ipsec ipv4
 tunnel vrf INET1
 tunnel protection ipsec profile profile1
Any suggestions?
04-16-2018 11:13 AM
The problem was in the ACS.
It was occurring because the authorization profile had an attribute "Framed-IP-Address" with 10.1.1.198. That's weird, because the person who put it there was an engineer from Cisco TAC last year, and this configuration had been working since that time.
Thank you.
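
The root cause in this thread was a "Framed-IP-Address" attribute returned by the AAA server. The Python below is an added example, not part of the thread: it decodes a RADIUS Access-Accept and reports any Framed-IP-Address (attribute type 8, RFC 2865) that falls outside the expected client pool. The pool 10.96.200.0/24, the helper names and the sample packet are assumptions constructed for illustration, since the attached configuration is not shown.

```python
import ipaddress
import struct

ACCESS_ACCEPT = 2       # RADIUS packet code (RFC 2865)
FRAMED_IP_ADDRESS = 8   # RADIUS attribute type (RFC 2865)

def radius_attributes(packet: bytes):
    """Yield (type, value) for each attribute TLV in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # attributes start after code, id, length and authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        yield a_type, packet[pos + 2:pos + a_len]
        pos += a_len

def framed_ip_outside_pool(packet: bytes, pool: str):
    """Return Framed-IP-Address values in an Access-Accept that are not in pool."""
    if packet[:1] != bytes([ACCESS_ACCEPT]):
        return []  # only Access-Accept carries authorization attributes we care about
    net = ipaddress.ip_network(pool)
    found = []
    for a_type, value in radius_attributes(packet):
        if a_type == FRAMED_IP_ADDRESS and len(value) == 4:
            addr = ipaddress.ip_address(value)
            if addr not in net:
                found.append(str(addr))
    return found

def build_accept(attrs):
    """Build a constructed Access-Accept (zeroed authenticator) for the demo."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

# Constructed sample: the profile pushes 10.1.1.198, the address from the thread.
SAMPLE = build_accept([(1, b"vpnuser"),
                       (FRAMED_IP_ADDRESS, ipaddress.ip_address("10.1.1.198").packed)])
POOL = "10.96.200.0/24"  # assumed pool; the thread's attached config is not shown

if __name__ == "__main__":
    print(framed_ip_outside_pool(SAMPLE, POOL))
```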