11-10-2007 06:42 AM - edited 03-09-2019 07:19 PM
I am trying to diable the xauth option and make the authentication by default not the interactive. I have tried using the username option, still its in the xauth interactive mode.Please can anyone help me out in this.
11-10-2007 11:04 AM
If possible, Can you post the current configuration from the router. If not, make sure that your configuration looks like the below:
crypto ipsec client ezvpn EZVPNCLIENT
connect auto
group TEST key TEST123
mode network-extension
peer 1.1.1.1
username cisco password cisco
xauth userid mode local
Let me know if it helps.
Regards,
Arul
11-12-2007 12:51 AM
thanks for your reply.
I am using the same configuration for my device. i have given the mode as local and defined the username and password.
regards,
muneer
11-12-2007 09:44 AM
If the ezvpn server doesn't allow password storage on client, you won't be able to set this to xauth userid mode local.
On a 3000 head end, this is set on the hardware client tab for the group. For IOS/PIX head end, I don't know how to set it.
11-12-2007 02:43 PM
As the previous poster suggested, check the below "password-storage enable" under the group policy.
http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/mr.html#wp1588027
Regards,
Arul
11-12-2007 08:55 PM
Thanks for your help.
I have enabled Password-storage command at Headend device, it started working.
11-13-2007 07:53 AM
Great! Thanks for the update!
Regards,
Arul
05-26-2010 06:07 PM
Hi, which IOS verion comes with this 'local' option, my router only has http-intercept and interactive. it's c2800nm-advipservicesk9-mz.124-15.T7.bin
Thanks, Leo
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: