(host) (config) #crypto-local isakmp certificate-group server-certificate server_certificate
ca-certificate ca_certificate
You can view existing certificate groups using:
show crypto-local isakmp certificate-group
Working with VPN Authentication Profiles
VPN Authentication profiles identify an authentication server, the server group to which the authentication
server belongs, and a user-role for authenticated VPN clients. There are three predefined VPN authentication
profiles: default, default-rap, and default-cap. These different profiles allow you to use different
authentication servers, user-roles, and IP pools for VPN, remote AP, and campus AP clients.
You can configure the default and default-rap profiles, but not the default-cap profile.
Parameter Description default default-rap default-cap
Default Role for
authenticated users
The role that will be
assigned to the
authenticated users.
default-vpn-
role
default-vpn-
role
sys-ap-role
0
Maximum allowed
authentication failures
The number of contiguous
authentication failures
before the station is
blacklisted.
0 (feature is
disabled)
0 (feature is
disabled)
0 (feature is
disabled)
Check certificate common
name against AAA server
disabled enabled enabled
Table 84: Predefined Authentication Profile settings
AOS-W 6.5.3.x | User Guide Virtual Private Networks | 350
To Next Page
Loading...