Does IOS support working as ipsec client with xauth?

Unanswered Question
Apr 3rd, 2008

I'm trying to setup ios to connect to a third-party vpn gateway, that gateway need xauth authentication by sending a mode-cfg packet after phase1 finished, how can I make IOS respond that packet with a local username/password?

Currently ISAKMP debug shows "Unknown Input IKE_MESG_FROM_PEER,IKE_CFG_REQUEST" error when it received that mode-cfg packet.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ivillegas Wed, 04/09/2008 - 12:49

If you want router to use X-Auth you will have to change the mode to aggressive. Change this and check if this works.

hansyin Sat, 04/26/2008 - 22:02

you mean changing mode in IOS? I remember IOS will always try to use main mode and only try to use aggressive mode when main mode failed. Is there a command to force IOS to use only aggressive mode? what is it?



This Discussion