ip local pool Win7Pool 123.1.1.100 123.1.1.200
crypto ikev2 authorization policy Lxf-IKEv2-Author-Win
pool Win7Pool
!
crypto pki certificate map Lxf-CertMap-Win 10
subject-name co cn = TCPIPWIN10
!
crypto ikev2 proposal Lxf-IKEv2-Proposal-Win
encryption aes-cbc-256
integrity sha1
group 2
!
crypto ikev2 policy Lxf-IKEv2-Policy
proposal Lxf-IKEv2-Proposal-Win
!
crypto ikev2 profile Lxf-IKEv2-Profile-Win
match certificate Lxf-CertMap-Win
identity local fqdn Server.qytang.com
authentication remote rsa-sig
authentication local rsa-sig
pki trustpoint CA
aaa authorization group cert list Lxf-Local-Grp-Auth-List Lxf-IKEv2-Author-Win
virtual-template 2
!
crypto ipsec transform-set Lxf-IPSec-Trans-Win esp-aes 256 esp-sha-hmac
mode tunnel
crypto ipsec profile Lxf-IPSec-Win-Profile
set transform-set Lxf-IPSec-Trans-Win
set ikev2-profile Lxf-IKEv2-Profile-Win
!
interface Virtual-Template2 type tunnel
ip unnumbered GigabitEthernet1
tunnel mode ipsec ipv4
tunnel protection ipsec profile Lxf-IPSec-Win-Profile
-------------------------------------------------------------------------------
aaa group server radius Lxf-ISE
server-private 61.128.1.241 key cisco
!
aaa authentication login Lxf-EAP-List group Lxf-ISE
aaa authorization network Lxf-EAP-List group Lxf-ISE
!
crypto ikev2 name-mangler Lxf-Name-Mangler
eap suffix delimiter @
!
crypto ikev2 proposal Lxf-IKEv2-EAP-Win10
encryption aes-cbc-256
integrity sha1
group 2
!
crypto ikev2 policy Lxf-Ikev2-EAP-Policy
proposal Lxf-IKEv2-EAP-Win10
!
!
!
crypto ikev2 profile Lxf-IKEv2-EAP-Profile
match identity remote address 0.0.0.0
authentication local rsa-sig
authentication remote eap query-identity
pki trustpoint CA
aaa authentication eap Lxf-EAP-List
aaa authorization group eap list Lxf-EAP-List name-mangler Lxf-Name-Mangler
virtual-template 3
!
crypto ipsec transform-set Lxf-IPsec-EAP-Win10 esp-aes 256 esp-sha-hmac
mode tunnel!
!
crypto ipsec profile Lxf-IPsec-EAP-Profile
set transform-set Lxf-IPsec-EAP-Win10
set ikev2-profile Lxf-IKEv2-EAP-Profile
!
interface Virtual-Template3 type tunnel
ip unnumbered GigabitEthernet1
tunnel mode ipsec ipv4
tunnel protection ipsec profile Lxf-IPsec-EAP-Profile
!
