server
- ip local pool Win7Pool 123.1.1.100 123.1.1.200
- crypto ikev2 authorization policy Lxf-IKEv2-Author-Win
- pool Win7Pool
- !
- crypto pki certificate map Lxf-CertMap-Win 10
- subject-name co cn = TCPIPWIN10
- !
- crypto ikev2 proposal Lxf-IKEv2-Proposal-Win
- encryption aes-cbc-256
- integrity sha1
- group 2
- !
- crypto ikev2 policy Lxf-IKEv2-Policy
- proposal Lxf-IKEv2-Proposal-Win
- !
- crypto ikev2 profile Lxf-IKEv2-Profile-Win
- match certificate Lxf-CertMap-Win
- identity local fqdn Server.qytang.com
- authentication remote rsa-sig
- authentication local rsa-sig
- pki trustpoint CA
- aaa authorization group cert list Lxf-Local-Grp-Auth-List Lxf-IKEv2-Author-Win
- virtual-template 2
- !
- crypto ipsec transform-set Lxf-IPSec-Trans-Win esp-aes 256 esp-sha-hmac
- mode tunnel
- crypto ipsec profile Lxf-IPSec-Win-Profile
- set transform-set Lxf-IPSec-Trans-Win
- set ikev2-profile Lxf-IKEv2-Profile-Win
- !
- interface Virtual-Template2 type tunnel
- ip unnumbered GigabitEthernet1
- tunnel mode ipsec ipv4
- tunnel protection ipsec profile Lxf-IPSec-Win-Profile
- -------------------------------------------------------------------------------
- aaa group server radius Lxf-ISE
- server-private 61.128.1.241 key cisco
- !
- aaa authentication login Lxf-EAP-List group Lxf-ISE
- aaa authorization network Lxf-EAP-List group Lxf-ISE
- !
- crypto ikev2 name-mangler Lxf-Name-Mangler
- eap suffix delimiter @
- !
- crypto ikev2 proposal Lxf-IKEv2-EAP-Win10
- encryption aes-cbc-256
- integrity sha1
- group 2
- !
- crypto ikev2 policy Lxf-Ikev2-EAP-Policy
- proposal Lxf-IKEv2-EAP-Win10
- !
- !
- !
- crypto ikev2 profile Lxf-IKEv2-EAP-Profile
- match identity remote address 0.0.0.0
- authentication local rsa-sig
- authentication remote eap query-identity
- pki trustpoint CA
- aaa authentication eap Lxf-EAP-List
- aaa authorization group eap list Lxf-EAP-List name-mangler Lxf-Name-Mangler
- virtual-template 3
- !
- crypto ipsec transform-set Lxf-IPsec-EAP-Win10 esp-aes 256 esp-sha-hmac
- mode tunnel!
- !
- crypto ipsec profile Lxf-IPsec-EAP-Profile
- set transform-set Lxf-IPsec-EAP-Win10
- set ikev2-profile Lxf-IKEv2-EAP-Profile
- !
- interface Virtual-Template3 type tunnel
- ip unnumbered GigabitEthernet1
- tunnel mode ipsec ipv4
- tunnel protection ipsec profile Lxf-IPsec-EAP-Profile
- !