IKEv2 Authorization profile

Define an IP pool first. This is the range of IP addresses from which a remote user is assigned an address when connected to the VPN:
ISR-LAB(config)#ip local pool ip-pool-1 10.10.10.10 10.10.10.50

Recall that we created an authorization list named authZ-list, which specifies that the local authorization policy configured on the router is to be used. This is the local authorization policy:

ISR-LAB(config)#crypto ikev2 authorization policy ikev2-authZ-profile
 pool ip-pool-1
 dns 10.1.1.45 10.1.2.45-9
 netmask 255.255.255.0
 def-domain justnetworks.ca
 ! these are the routes users will have access to over the tunnel
 route set remote ipv4 10.1.1.0 255.255.255.0
 route set remote ipv4 10.1.2.0 255.255.255.0
 route set remote ipv4 10.1.3.0 255.255.255.0

After a successful authentication and authorization, the remote user gets the above parameters.
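
The following is an added example, not part of the original page and not Cisco tooling: a Python pre-deployment check of the authorization policy above. It flags DNS servers that are malformed or not covered by any pushed route (split-tunnel clients would not reach them through the tunnel), and a pool range that does not fit the pushed netmask. The names audit_policy, POLICY and POOLS are assumptions made for this example; the policy text is the one shown above.

```python
import ipaddress

# Policy body and pool range as they appear on this page.
POLICY = """\
pool ip-pool-1
dns 10.1.1.45 10.1.2.45-9
netmask 255.255.255.0
def-domain justnetworks.ca
route set remote ipv4 10.1.1.0 255.255.255.0
route set remote ipv4 10.1.2.0 255.255.255.0
route set remote ipv4 10.1.3.0 255.255.255.0
"""
POOLS = {"ip-pool-1": ("10.10.10.10", "10.10.10.50")}

def audit_policy(policy_text, pools):
    """Return a list of findings for one IKEv2 authorization policy body."""
    findings, routes, dns, mask, pool = [], [], [], None, None
    for line in policy_text.splitlines():
        words = line.split("!")[0].split()          # ignore IOS '!' comments
        if words[:1] == ["pool"]:
            pool = words[1]
        elif words[:1] == ["netmask"]:
            mask = words[1]
        elif words[:1] == ["dns"]:
            dns = words[1:]
        elif words[:4] == ["route", "set", "remote", "ipv4"]:
            try:                                    # strict: host bits must be zero
                routes.append(ipaddress.ip_network(f"{words[4]}/{words[5]}"))
            except ValueError:
                findings.append(f"route {words[4]} {words[5]}: not a network address")
    for server in dns:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            findings.append(f"dns {server}: not a valid IP address")
            continue
        if not any(addr in net for net in routes):  # unreachable via the tunnel
            findings.append(f"dns {server}: not covered by any pushed route")
    if pool and pool not in pools:
        findings.append(f"pool {pool}: not defined")
    elif pool and mask:
        first, last = pools[pool]
        net = ipaddress.ip_network(f"{first}/{mask}", strict=False)
        if ipaddress.ip_address(last) not in net:   # range spans several subnets
            findings.append(f"pool {pool}: range does not fit netmask {mask}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_policy(POLICY, POOLS)) or "no findings")
```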