10-19-2007 05:35 AM
I have just completed the configuration on an 871 with Version 12.3(8)YI2 software installed on it. A portion of the configuration is shown below:
crypto ipsec client ezvpn <removed>
connect auto
group test key <removed>
mode network-extension
peer <removed>
username testuser password <removed>
xauth userid mode local
I have created a client configuration and successfully connected the device to a vpn3000C however during the connection I was required to connect on the 871 and enter the username and password by issuing the command 'crypto ipsec client ezvpn xauth'
Show log:
Pending XAuth Request,
Please enter the following command:
EZVPN: crypto ipsec client ezvpn xauth
Is there a method to have the router complete this step so as to save the user from having to connect to the 871 and enter the username etc. I know that this defeats the objectives of having security but there are valid reasons for wanting to do this.
If you help then please doâ¦
10-22-2007 04:52 AM
hey big large cisco world of forum and wonderful people out there.
Does nobody know the answer or does "no answer" mean that it can not be done...
10-30-2007 09:42 PM
Hello,
You need to turn off xauth on the head end (the concentrator) as that's what is requiring xauth - change your authentication from 'internal' to something else.
--Jason
11-05-2007 03:15 AM
jason thanks for your answer. it worked once i turned off the xauth on the c3000. is there a way to leave it on but have the 871 send the username instead of waiting for user interaction?
11-06-2007 04:20 PM
You can use the save password option on the 3000 concentrator for that specific group. Once the user connects for the first time, then the password will be saved.
Cheers,
Gilbert
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide