12-01-2007 04:32 PM - edited 02-21-2020 01:49 AM
We just started configuring ASAs for VPN access after years of using the PIX. One of the biggest changes that I have noticed for the Remote Client Access is the use of a pre-shared key. Is there a way to disable the pre-shared-key attribute under the tunnel-group <groupname> ipsec-attributes and just require clients to authenticate with the username/password combination like in the 6.3(5) code? If so, how? Any advice would be truly helpful.
Thanks in advance!
12-02-2007 06:26 AM
That pre-shared key is just the group password.
Are you wanting to not use group names/passwords?
Or are you *just* wanting to use group names/passwords?
To disable xauth:
tunnel-group grp_name ipsec-attributes
pre-shared-key *
isakmp ikev1-user-authentication none
12-02-2007 11:02 PM
What I want to do is not use the group names password. I just want to be able to have clients use their username and a password that is unique to each username (so, no pre-shared key at all).
For example here is a config from the 6.3(5) code:
crypto ipsec transform-set strongset esp-aes esp-sha-hmac
crypto dynamic-map stuff 10 set transform-set strongset
crypto map mymap 10 ipsec-isakmp dynamic stuff
isakmp identity address
isakmp nat-traversal
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp log 300
vpngroup username address-pool ippool
vpngroup username idle-time 1800
vpngroup username split-tunnel 103
vpngroup username password blah
crypto map mymap interface outside
isakmp enable outside
wr me
No pre-shared key was needed. How do I migrate this code over to the ASA?
Thanks!
12-03-2007 05:26 PM
The preshared key was the password defined here:
vpngroup username password blah
That served the same purpose as the tunnel-group preshared key. They are functionally equivalent.
In 7.x and later, the tunnel-group name takes the place of the vpngroup name, and the preshared key attribute takes the place of the vpngroup password.
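The mapping described in the replies above, as an added example that is not part of the original thread: a short Python script that turns the PIX 6.3 `vpngroup` lines from the question into ASA 7.2-style `tunnel-group` and `group-policy` commands. The group-policy layout, the function names and the `xauth` switch are assumptions of this example; with `xauth=False` the group key is the only credential a client presents.

```python
# Added example: translate PIX 6.3 "vpngroup" lines into ASA 7.2-style
# tunnel-group / group-policy commands. Sample input is the thread's config.
from collections import defaultdict

PIX_CONFIG = """\
vpngroup username address-pool ippool
vpngroup username idle-time 1800
vpngroup username split-tunnel 103
vpngroup username password blah
"""

def parse_vpngroups(text):
    """Return {group_name: {attribute: value}} from 'vpngroup' lines."""
    groups = defaultdict(dict)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "vpngroup":
            _, name, attr, value = parts
            groups[name][attr] = value
    return dict(groups)

def to_asa(name, attrs, xauth=True):
    """Emit ASA commands for one group. xauth=False reproduces a PIX
    setup where the group key was the only credential (assumed switch)."""
    out = [f"group-policy {name} internal", f"group-policy {name} attributes"]
    if "idle-time" in attrs:
        # PIX idle-time is in seconds, ASA vpn-idle-timeout is in minutes
        out.append(f" vpn-idle-timeout {max(1, int(attrs['idle-time']) // 60)}")
    if "split-tunnel" in attrs:
        out += [" split-tunnel-policy tunnelspecified",
                f" split-tunnel-network-list value {attrs['split-tunnel']}"]
    out += [f"tunnel-group {name} type ipsec-ra",
            f"tunnel-group {name} general-attributes"]
    if "address-pool" in attrs:
        out.append(f" address-pool {attrs['address-pool']}")
    out.append(f" default-group-policy {name}")
    out.append(f"tunnel-group {name} ipsec-attributes")
    if "password" in attrs:
        # The vpngroup password becomes the tunnel-group pre-shared key
        out.append(f" pre-shared-key {attrs['password']}")
    if not xauth:
        out.append(" isakmp ikev1-user-authentication none")
    return out

def convert(text, xauth=True):
    """Convert every vpngroup found in text; returns a list of ASA lines."""
    lines = []
    for name, attrs in parse_vpngroups(text).items():
        lines += to_asa(name, attrs, xauth)
    return lines

if __name__ == "__main__":
    print("\n".join(convert(PIX_CONFIG, xauth=False)))
```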