Why VPN dialer uses AAA user name & password

Anand Narayana · ‎04-30-2007

I hav configured Cisco ASA 5510 for VPN dialer for mobile client. when i enter the user name & password of the tunnel-group it doesn't accepts, where as if i enter the user name & password of AAA "username anand password cisco123 encrypted privilege 15" this password is getting accepted. why is that & how do i configure to accept the vpn group password only.

Richard Burts · ‎04-30-2007

Anand

Either I do not understand your question very well or you are misunderstanding how the VPN dialer on the ASA5510 works. I am not sure which. It seems like you are expecting the mobile client to input only a group name and a group password and that should be enough to authenticate the incoming user session. But that is not how it works. The group name and password are the first stage of identifying the user but are not sufficient to fully identify and authenticate the user. The group name and password are used primarily to determine which policy to apply to the session. You might have several different groups defined with somewhat different policies for each group. So the group name and password determine the appropriate policy and the user name and password authenticate the individual user. group name and password without user name does not work and user name and password without group does not work.

If I have misunderstood your question then perhaps you can clarify.

HTH

Rick

HTH

Rick