ezvpn network-ext and user xauth on the c871

Unanswered Question
Oct 19th, 2007

I have just completed the configuration on an 871 with Version 12.3(8)YI2 software installed on it. A portion of the configuration is shown below:

crypto ipsec client ezvpn <removed>
 connect auto
 group test key <removed>
 mode network-extension
 peer <removed>
 username testuser password <removed>
 xauth userid mode local

I have created a client configuration and successfully connected the device to a vpn3000C; however, during the connection I was required to connect on the 871 and enter the username and password by issuing the command 'crypto ipsec client ezvpn xauth'.

Show log:

Pending XAuth Request,
Please enter the following command:
EZVPN: crypto ipsec client ezvpn xauth

Is there a method to have the router complete this step so as to save the user from having to connect to the 871 and enter the username etc.? I know that this defeats the objectives of having security, but there are valid reasons for wanting to do this.

If you help then please do…

darin.marais Mon, 10/22/2007 - 04:52

Hey, big large Cisco world of forum and wonderful people out there.

Does nobody know the answer, or does "no answer" mean that it cannot be done...

Jason Gervia Tue, 10/30/2007 - 21:42

Hello,

You need to turn off xauth on the head end (the concentrator) as that's what is requiring xauth - change your authentication from 'internal' to something else.

--Jason

darin.marais Mon, 11/05/2007 - 03:15

Jason, thanks for your answer. It worked once I turned off the xauth on the c3000. Is there a way to leave it on but have the 871 send the username instead of waiting for user interaction?

ggilbert Tue, 11/06/2007 - 16:20

You can use the save password option on the 3000 concentrator for that specific group. Once the user connects for the first time, then the password will be saved.

Cheers,

Gilbert
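Added example, not part of the thread and not Cisco code: a small Python audit that reads a running-config and reports which Easy VPN profiles answer XAuth unattended, that is, `xauth userid mode local` together with a stored `username ... password ...` line, as in the configuration posted above. The profile names, peer addresses and secrets in the sample are constructed placeholders.

```python
import re

# Constructed sample running-config (not from the thread); all values are placeholders.
SAMPLE_CONFIG = """\
crypto ipsec client ezvpn BRANCH1
 connect auto
 group test key EXAMPLE-GROUP-KEY
 mode network-extension
 peer 192.0.2.1
 username testuser password EXAMPLE-PASSWORD
 xauth userid mode local
crypto ipsec client ezvpn BRANCH2
 connect manual
 group test key EXAMPLE-GROUP-KEY
 mode client
 peer 192.0.2.2
 xauth userid mode interactive
!
interface FastEthernet4
 crypto ipsec client ezvpn BRANCH1
"""

def audit_ezvpn(config):
    """Return one dict per 'crypto ipsec client ezvpn' profile definition."""
    profiles, current = [], None
    for line in config.splitlines():
        m = re.match(r"crypto ipsec client ezvpn (\S+)\s*$", line)
        if m:  # an unindented line opens a profile; interface references are indented
            current = {"name": m.group(1), "connect": None,
                       "xauth_mode": None, "stored_user": None}
            profiles.append(current)
        elif current is not None and line.startswith(" "):
            words = line.split()
            if words[:1] == ["connect"] and len(words) > 1:
                current["connect"] = words[1]
            elif words[:3] == ["xauth", "userid", "mode"] and len(words) > 3:
                current["xauth_mode"] = words[3]
            elif words[:1] == ["username"] and "password" in words:
                current["stored_user"] = words[1]  # record the name, never the secret
        else:
            current = None  # any other unindented line closes the block
    for p in profiles:
        # Unattended: the router answers XAuth itself from credentials in the config.
        p["unattended"] = p["xauth_mode"] == "local" and p["stored_user"] is not None
    return profiles

if __name__ == "__main__":
    for p in audit_ezvpn(SAMPLE_CONFIG):
        print(p["name"], "connect=%s" % p["connect"], "unattended_xauth=%s" % p["unattended"])
```

Profiles flagged as unattended hold a reusable XAuth credential in the device configuration, so access to that configuration and to its backups should be reviewed along with them.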
