Automatic access with VPN Client?

Unanswered Question
Jul 6th, 2009

Hello,

is possible have an automaticall access with VPN Client? I have a customer that he wants access with a VPN Client to a remote site without logging in RADIUS, LDAP, etc... Is possible?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Mon, 07/06/2009 - 07:42

Sure you can by using isakmp parameters in tunnel attributes. On the VPN client just configure the tunnel authentication password which can be saved within the client.

If you do not want user authentication of any kind after configure your tunnel attributes for no user autentication you may use this settings.

Be aware that when using this it will apply to any RA VPN client connecting to that tunnel group, so if you only need this for the purpose of one user I would not recomment to implement it this way, you could use pcf profiles instead to save it in the VPN client which has user's password saved locally and automatically connect.

tunnel-group ipsec-attributes

isakmp ikev1-user-authentication none

Example assume tunnel group name is called RAVPN

tunnel-group RAVPN ipsec-attributes

pre-shared-key

isakmp ikev1-user-authentication none <-- will not ask for second authentication

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/i3.html#wp1842328

Regards

jimontoro Mon, 07/06/2009 - 12:12

Thanks Jorge,

but I think that my customer prefer use pcf profiles. The user doesn't have to know the password. This must be transparent for him. How can I do it?

JORGE RODRIGUEZ Mon, 07/06/2009 - 14:01

Jose, see password storage configuration section mid page down for PIX/ASA

Cisco VPN Client Password Storage Configuration

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml

1- on the PIX/ASA enable password storage in RA vpn attributes

group-policy VPNusers attributes

password-storage enable

2- Edit the pcf file, this file is usualy stored in the VPN software path.

ON the same link above see Cisco VPN client section.

quote from above link

Cisco VPN Client </p><p></p><p>Edit the .pcf file and modify these parameters:</p><p></p><p>SaveUserPassword=1</p><p>UserPassword= <type your password>

Regards

Actions

This Discussion