According to the "What's New" document for Version 7.0 there is now support for IPSec/IKEv2 VPN clients. Has anyone deployed this? Does this mean that any RFC compliant IPSec client can now natively connect through the SSLVPN? Can the SSLVPN configuration use LDAP authentication? IP address from pools by user groups/roles? Role mapping to IPSec roles?
This could be pretty useful if it is fully deployed within the existing SSLVPN framework.
I have this working in the lab. The only client I have so far gotten to work is WIndows7 (Agile VPN). The client needs to support MOBIKE in order to work with the IVE. Most seem to not support this. The only authentication currently supported is via certificates. You map ikev2 authentication to one realm, but from there you can map to any roles you like based on any information contained in the cert and on the fact that it's an ikev2 connection.