Cisco IOS Software Release 15.3(2)T Technical Manual

IKEv2 from Android strongSwan to Cisco IOS with EAP and RSA Authentication
Document ID: 116837
Contributed by Michal Garcarz and Salah Gherdaoui, Cisco TAC Engineers.
Jan 21, 2016
Contents
Introduction
Prerequisites
     Requirements
     Components Used
Configure
     Network Diagram
     Certificate Enrollment
        Cisco IOS Software
        Android
     EAP Authentication
        Cisco IOS Software Configuration for EAP Authentication
        Android Configuration for EAP Authentication
        EAP Authentication Test
     RSA Authentication
        Cisco IOS Software Configuration for RSA Authentication
        Android Configuration for RSA Authentication
        RSA Authentication Test
     VPN Gateway Behind NAT - strongSwan and Cisco IOS Software Limitations
Verify
Troubleshoot
     strongSwan CA Multiple CERT_REQ
     Tunnel Source on DVTI
Cisco IOS Software Bugs and Enhancement Requests
Related Information
Introduction
This document describes how to configure the mobile version of strongSwan in order to access a Cisco IOS® software VPN gateway via the Internet Key Exchange Version 2 (IKEv2) protocol.
Three examples are presented:
• Android phone with strongSwan that connects to the Cisco IOS software VPN gateway with Extensible Authentication Protocol - Message Digest 5 (EAP-MD5) authentication.
• Android phone with strongSwan that connects to the Cisco IOS software VPN gateway with certificate authentication (RSA).
• Android phone with strongSwan that connects to the Cisco IOS software VPN gateway behind Network Address Translation (NAT). This scenario requires two x509 Subject Alternative Name extensions in the VPN gateway certificate.