I use a ASA5505 as a easyvpn client to connect to a ASA5510 easyvpn server and everything is working fine. Now i want to add some security by using Individual User Authentication(IUA) on the server side with the command:
group-policy EZVPN_GROUP attributes
Again, everything is working fine, each device connected to the ASA5505(client) must authenticate via http. Now, i have a device that cannot authenticate and i want to create a mac-exempt. I try the following command on the client side (5505):
vpnclient mac-exempt 0015.0000.0000 ffff.0000.0000
But i always get the following message:
%PIX|ASA-3-109023: User form 10.26.50.20/5000 to 10.197.204.204/4100 on interface inside using udp must authenticate before using this service.
If i do a show arp, i received the following:
inside 10.26.50.20 0015.9be3.bf6c 210
Did i use the correct command (vpnclient mac-exempt) or should i use another command (i.e: aaa mac-exempt)?
Thank for any advice...
Ps: I use software version 7.2(4) on the 5505, but i also try version 8.0(4)