Disable the xauth in IOS router for EZVPN client

mkmzaman · ‎11-10-2007

I am trying to diable the xauth option and make the authentication by default not the interactive. I have tried using the username option, still its in the xauth interactive mode.Please can anyone help me out in this.

ajagadee · ‎11-10-2007

If possible, Can you post the current configuration from the router. If not, make sure that your configuration looks like the below:

crypto ipsec client ezvpn EZVPNCLIENT

connect auto

group TEST key TEST123

mode network-extension

peer 1.1.1.1

username cisco password cisco

xauth userid mode local

Let me know if it helps.

Regards,

Arul

mkmzaman · ‎11-12-2007

thanks for your reply.

I am using the same configuration for my device. i have given the mode as local and defined the username and password.

regards,

muneer

kcoming · ‎11-12-2007

If the ezvpn server doesn't allow password storage on client, you won't be able to set this to xauth userid mode local.

On a 3000 head end, this is set on the hardware client tab for the group. For IOS/PIX head end, I don't know how to set it.

ajagadee · ‎11-12-2007

As the previous poster suggested, check the below "password-storage enable" under the group policy.

http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/mr.html#wp1588027

Regards,

Arul

mkmzaman · ‎11-12-2007

Thanks for your help.

I have enabled Password-storage command at Headend device, it started working.

ajagadee · ‎11-13-2007

Great! Thanks for the update!

Regards,

Arul

xzjleo2005 · ‎05-26-2010

Hi, which IOS verion comes with this 'local' option, my router only has http-intercept and interactive. it's c2800nm-advipservicesk9-mz.124-15.T7.bin

Thanks, Leo