FlexVPN with certificate-based AAA authentication on IR829 clients routers

Antho_Balitrand
Level 1

Hello dear Cisco community!

 

I need some help regarding FlexVPN configuration. 

I have a "central" router used as a VPN concentrator for several IR829 routers (4G mobile routers). 

Those routers use rsa-sig authentication on their ikev2 profile. The certificate is then checked by our "central" router. 

 

I would like to offload the authentication for those FlexVPN on ISE. I saw several configuration examples for AnyConnect authentication, but not for client routers using certificates.

Could you help? 

 

 

Anthony 

3 Replies

Hi,

RADIUS would be used for authorization; authentication of certificates would still be between routers. This example here shows the configuration of FlexVPN routers and ISE for authorization.

 

HTH

Hi!

Thanks for your answer. So there's no way to offload the complete process (authentication + authorization) to an external AAA server?

 

 

Antho

Hi,
If you are using certificate authentication, the authentication is always between the routers themselves. External RADIUS is for authorization... you could still use the RADIUS server to permit/deny the session - this would be in addition to the authentication of the certificates between the routers.

HTH
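
The split described in the replies above, as an added hub-side configuration sketch (not posted by anyone in this thread and not the linked Cisco example): rsa-sig authentication stays on the hub, and ISE is consulted over RADIUS only to authorize the session. Every name, the server address, the shared-secret placeholder and the certificate-map match string are assumptions made for illustration.

```cisco
! Added example for the "central" (hub) router.
! ISE-1, ISE-GROUP, FLEX-AUTHZ, CERT-CN, SPOKE-CERTS, FLEX-HUB and HUB-TP
! are hypothetical names; 192.0.2.10 is a documentation address.
aaa new-model
!
radius server ISE-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <RADIUS-SHARED-SECRET>
!
aaa group server radius ISE-GROUP
 server name ISE-1
!
! Network authorization list that sends the lookup to ISE.
aaa authorization network FLEX-AUTHZ group ISE-GROUP
!
! Build the RADIUS username from the common name in the spoke certificate.
crypto ikev2 name-mangler CERT-CN
 dn common-name
!
! Select which spoke certificates this profile applies to
! (constructed match string).
crypto pki certificate map SPOKE-CERTS 10
 subject-name co o = example-org
!
! Authentication: both sides use rsa-sig, and the hub validates the spoke
! certificate against its own trustpoint.
! Authorization: after that succeeds, the mangled CN is sent to ISE, which
! permits or denies the session.
crypto ikev2 profile FLEX-HUB
 match certificate SPOKE-CERTS
 identity local dn
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint HUB-TP
 aaa authorization group cert list FLEX-AUTHZ name-mangler CERT-CN
 virtual-template 1
```

With this layout, removing or disabling a spoke's identity in ISE denies the session even while its certificate is still valid, which gives a second revocation point alongside the PKI.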