Cisco Cisco AnyConnect Secure Mobility Client v2.x 技術マニュアル

aaa authentication anyconnect-eap a-eap-authen-local

aaa authorization group anyconnect-eap list a-eap-author-grp ikev2-auth-policy

aaa authorization user anyconnect-eap cached

virtual-template 100

Authentication, Authorization and Accounting using a remote AAA server

Network Diagram

Headend configuration changes

Note:Refer to the above section for rest of the configuration.

aaa group server radius ACS

server name ACS

radius server ACS

address ipv4 172.16.1.2 auth-port 1645 acct-port 1646

key Cisco123!

aaa authentication login a-eap-authen group ACS

aaa authorization network a-eap-author group ACS

aaa accounting network a-eap-acc start-stop group ACS

crypto ikev2 name-mangler NM

eap suffix delimiter @

crypto ikev2 profile AnyConnect-EAP

aaa authentication anyconnect-eap a-eap-authen

aaa authorization group anyconnect-eap list a-eap-author <aaa-username>

aaa authorization user anyconnect-eap list a-eap-author name-mangler NM

aaa accounting anyconnect-eap a-eap-acc

Radius Server configuration

Step 1. Create an username (for user and/or group authentication and authorization), as shown in
the image: