To achieve authentication without RADIUS, the auth-method needs to be configured as psk or cert-auth and local address assignment must be configured under ipsec-gw.
Figure: Typical call flow of certificate or PSK authentication without RADIUS shows a typical call flow of certificate or PSK authentication without RADIUS.
Figure: Typical call flow of certificate or PSK authentication without RADIUS
Figure: Typical call flow for EAP authentication shows a typical call flow for EAP authentication.
Figure: Typical call flow for EAP authentication
In this configuration, the radius-authentication-policy and radius-accounting-policy in the ipsec-gw context are ignored.
RADIUS disconnect messages are supported in this case. Only the following tunnel identification methods are supported:
Nas-Port-Id + Framed-Ip-Addr(Framed-Ipv6-Prefix) + Alc-IPsec-Serv-Id
User-Name