Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco AnyConnect Secure Mobility Client v2.x
  5. Technical Manual

Cisco Cisco AnyConnect Secure Mobility Client v2.x Technical Manual

Download
Page of 13
authentication remote anyconnect-eap aggregate
authentication local rsa-sig
pki trustpoint IKEv2-TP
aaa authentication anyconnect-eap a-eap-authen-local
aaa authorization group anyconnect-eap list a-eap-author-grp ikev2-auth-policy
aaa authorization user anyconnect-eap cached
virtual-template 100
Note: Configuring the remote authentication method before the local authentication method
will be accepted by the CLI, but may not take effect on versions of code affected by
 . If you copy/paste the configuration from this document, please ensure the
remote authentication method has infact taken effect and if it hasn't please re-enter the
command.
Step 7. Disable HTTP-URL based certificate lookup:
crypto ikev2 profile AnyConnect-EAP
match identity remote key-id *$AnyConnectClient$*
authentication remote anyconnect-eap aggregate
authentication local rsa-sig
pki trustpoint IKEv2-TP
aaa authentication anyconnect-eap a-eap-authen-local
aaa authorization group anyconnect-eap list a-eap-author-grp ikev2-auth-policy
aaa authorization user anyconnect-eap cached
virtual-template 100
Step 8. Define the encryption and hash algorithms used to protect data
crypto ikev2 profile AnyConnect-EAP
match identity remote key-id *$AnyConnectClient$*
authentication remote anyconnect-eap aggregate
authentication local rsa-sig
pki trustpoint IKEv2-TP
aaa authentication anyconnect-eap a-eap-authen-local
aaa authorization group anyconnect-eap list a-eap-author-grp ikev2-auth-policy
aaa authorization user anyconnect-eap cached
virtual-template 100
NoteRefer 
 to confirm whether your router hardware supports the NGE
encryption algorithms (for example the example above has NGE algorithms). Otherwise
IPSec SA installation on the hardware will fail at the last stage of negotiation.
Step 9. Create an IPSec profile:
crypto ikev2 profile AnyConnect-EAP
match identity remote key-id *$AnyConnectClient$*
authentication remote anyconnect-eap aggregate
authentication local rsa-sig
pki trustpoint IKEv2-TP
aaa authentication anyconnect-eap a-eap-authen-local
aaa authorization group anyconnect-eap list a-eap-author-grp ikev2-auth-policy
aaa authorization user anyconnect-eap cached
virtual-template 100
Step 10. Configure a virtual-template (associate the template in the IKEv2 profile)
crypto ikev2 profile AnyConnect-EAP
match identity remote key-id *$AnyConnectClient$*
authentication remote anyconnect-eap aggregate
authentication local rsa-sig
pki trustpoint IKEv2-TP