Why VPN dialer uses AAA user name & password

Apr 30th, 2007

I have configured a Cisco ASA 5510 for VPN dialer for mobile clients. When I enter the user name & password of the tunnel-group, it is not accepted, whereas if I enter the user name & password of AAA "username anand password cisco123 encrypted privilege 15", this password is accepted. Why is that, & how do I configure it to accept the VPN group password only?

Richard Burts Mon, 04/30/2007 - 08:59
Either I do not understand your question very well or you are misunderstanding how the VPN dialer on the ASA5510 works. I am not sure which. It seems like you are expecting the mobile client to input only a group name and a group password and that should be enough to authenticate the incoming user session. But that is not how it works. The group name and password are the first stage of identifying the user but are not sufficient to fully identify and authenticate the user. The group name and password are used primarily to determine which policy to apply to the session. You might have several different groups defined with somewhat different policies for each group. So the group name and password determine the appropriate policy and the user name and password authenticate the individual user. Group name and password without user name does not work, and user name and password without group does not work.

If I have misunderstood your question then perhaps you can clarify.
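
The two stages described in the answer above map onto separate parts of an ASA configuration. The fragment below is an added illustration, not configuration posted by anyone in this thread; it shows only the authentication-related commands (no ISAKMP policy or crypto map). The names MOBILE, MOBILE-GP and MOBILE-POOL, the address range and the `<...>` placeholders are assumptions; only the user name `anand` comes from the question.

```text
! Constructed example: names, pool range and <placeholders> are assumptions.
ip local pool MOBILE-POOL 10.10.10.10-10.10.10.50 mask 255.255.255.0
!
! Policy that sessions arriving through this group receive
group-policy MOBILE-GP internal
group-policy MOBILE-GP attributes
 vpn-idle-timeout 30
!
! Stage 1: group name and group password.
! The client's "group name" is the tunnel-group name and the
! "group password" is the IKE pre-shared key. Together they select
! the tunnel-group and, through it, the policy to apply.
! (On 7.x releases the type keyword is ipsec-ra.)
tunnel-group MOBILE type remote-access
tunnel-group MOBILE general-attributes
 address-pool MOBILE-POOL
 default-group-policy MOBILE-GP
 ! Stage 2 is checked against the local username database
 authentication-server-group LOCAL
tunnel-group MOBILE ipsec-attributes
 pre-shared-key <group-password>
!
! Stage 2: the individual user.
! With LOCAL as the server group, these are the credentials the
! client's user name / password prompt is validated against, which
! is why a "username ..." entry is accepted there and the group
! credentials are not.
username anand password <user-password>
username anand attributes
 vpn-group-policy MOBILE-GP
 ! Limits the account to remote-access sessions. A VPN-only user
 ! does not need privilege 15 or management access to the ASA.
 service-type remote-access
```

The group password is shared by every client configured for the group, so the per-user stage is what identifies the individual who connected.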



