Disable the xauth in IOS router for EZVPN client

Unanswered Question
Nov 10th, 2007
User Badges:

I am trying to diable the xauth option and make the authentication by default not the interactive. I have tried using the username option, still its in the xauth interactive mode.Please can anyone help me out in this.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
ajagadee Sat, 11/10/2007 - 11:04
User Badges:
  • Cisco Employee,

If possible, Can you post the current configuration from the router. If not, make sure that your configuration looks like the below:

crypto ipsec client ezvpn EZVPNCLIENT

connect auto

group TEST key TEST123

mode network-extension


username cisco password cisco

xauth userid mode local

Let me know if it helps.



mkmzaman Mon, 11/12/2007 - 00:51
User Badges:

thanks for your reply.

I am using the same configuration for my device. i have given the mode as local and defined the username and password.



kcoming Mon, 11/12/2007 - 09:44
User Badges:

If the ezvpn server doesn't allow password storage on client, you won't be able to set this to xauth userid mode local.

On a 3000 head end, this is set on the hardware client tab for the group. For IOS/PIX head end, I don't know how to set it.

mkmzaman Mon, 11/12/2007 - 20:55
User Badges:

Thanks for your help.

I have enabled Password-storage command at Headend device, it started working.

ajagadee Tue, 11/13/2007 - 07:53
User Badges:
  • Cisco Employee,

Great! Thanks for the update!



xzjleo2005 Wed, 05/26/2010 - 18:07
User Badges:

Hi, which IOS verion comes with this 'local' option, my router only has   http-intercept and  interactive. it's c2800nm-advipservicesk9-mz.124-15.T7.bin

Thanks, Leo


This Discussion