Automatic access with VPN Client?

Jul 6th, 2009

Hello,

Is it possible to have automatic access with VPN Client? I have a customer who wants to access a remote site with a VPN Client without logging in to RADIUS, LDAP, etc. Is it possible?

JORGE RODRIGUEZ Mon, 07/06/2009 - 07:42

Sure you can, by using isakmp parameters in tunnel attributes. On the VPN client just configure the tunnel authentication password, which can be saved within the client.

If you do not want user authentication of any kind, after configuring your tunnel attributes for no user authentication you may use these settings.

Be aware that when using this it will apply to any RA VPN client connecting to that tunnel group, so if you only need this for the purpose of one user I would not recommend implementing it this way. You could use pcf profiles instead to save it in the VPN client, which has the user's password saved locally and automatically connects.



tunnel-group ipsec-attributes

isakmp ikev1-user-authentication none


Example: assume the tunnel group name is RAVPN



tunnel-group RAVPN ipsec-attributes

pre-shared-key

isakmp ikev1-user-authentication none <-- will not ask for second authentication


http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/i3.html#wp1842328



Regards


jimontoro Mon, 07/06/2009 - 12:12

Thanks Jorge,


but I think that my customer prefers to use pcf profiles. The user doesn't have to know the password. This must be transparent for him. How can I do it?

JORGE RODRIGUEZ Mon, 07/06/2009 - 14:01

Jose, see password storage configuration section mid page down for PIX/ASA

Cisco VPN Client Password Storage Configuration

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml



1- on the PIX/ASA enable password storage in RA vpn attributes


group-policy VPNusers attributes

password-storage enable




2- Edit the pcf file, this file is usually stored in the VPN software path.

On the same link above see Cisco VPN client section.


quote from above link


Cisco VPN Client

Edit the .pcf file and modify these parameters:

SaveUserPassword=1

UserPassword= <type your password>



Regards
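
Added example, not part of the original thread or of Cisco's documentation: a small audit script that lists every tunnel group with user authentication disabled and every group policy with client password storage enabled, the two settings discussed above. The sample running-config is constructed; RAVPN and VPNusers come from the thread, the STAFF tunnel group is an assumption added for contrast, and the script matches the command spelling used in the thread.

```python
import re

# Constructed sample running-config. RAVPN and VPNusers are the names used
# in the thread; STAFF is a hypothetical tunnel group added for contrast.
SAMPLE_CONFIG = """\
group-policy VPNusers internal
group-policy VPNusers attributes
 password-storage enable
tunnel-group RAVPN type remote-access
tunnel-group RAVPN ipsec-attributes
 pre-shared-key *
 isakmp ikev1-user-authentication none
tunnel-group STAFF type remote-access
tunnel-group STAFF ipsec-attributes
 pre-shared-key *
"""

def stanzas(config):
    """Map each top-level config line to its indented sub-commands."""
    result, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            if current is not None:
                result[current].append(line.strip())
        else:
            current = line.strip()
            result.setdefault(current, [])
    return result

def audit(config):
    """Return sorted (kind, name) findings for the two settings in the thread."""
    findings = set()
    for header, subs in stanzas(config).items():
        m = re.fullmatch(r"tunnel-group (\S+) ipsec-attributes", header)
        if m and "isakmp ikev1-user-authentication none" in subs:
            findings.add(("no-user-auth", m.group(1)))  # group key is the only gate
        m = re.fullmatch(r"group-policy (\S+) attributes", header)
        if m and "password-storage enable" in subs:
            findings.add(("password-storage", m.group(1)))  # clients may save passwords
    return sorted(findings)

if __name__ == "__main__":
    for kind, name in audit(SAMPLE_CONFIG):
        print(f"{kind}: {name}")
```

Each finding is a place where access depends only on what is stored on the client machine, so the list is a starting point for deciding which groups really need it.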

