07-06-2009 03:05 AM
Hello,
is possible have an automaticall access with VPN Client? I have a customer that he wants access with a VPN Client to a remote site without logging in RADIUS, LDAP, etc... Is possible?
07-06-2009 07:42 AM
Sure you can by using isakmp parameters in tunnel attributes. On the VPN client just configure the tunnel authentication password which can be saved within the client.
If you do not want user authentication of any kind after configure your tunnel attributes for no user autentication you may use this settings.
Be aware that when using this it will apply to any RA VPN client connecting to that tunnel group, so if you only need this for the purpose of one user I would not recomment to implement it this way, you could use pcf profiles instead to save it in the VPN client which has user's password saved locally and automatically connect.
tunnel-group
isakmp ikev1-user-authentication none
Example assume tunnel group name is called RAVPN
tunnel-group RAVPN ipsec-attributes
pre-shared-key
isakmp ikev1-user-authentication none <-- will not ask for second authentication
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/i3.html#wp1842328
Regards
07-06-2009 12:12 PM
Thanks Jorge,
but I think that my customer prefer use pcf profiles. The user doesn't have to know the password. This must be transparent for him. How can I do it?
07-06-2009 02:01 PM
Jose, see password storage configuration section mid page down for PIX/ASA
Cisco VPN Client Password Storage Configuration
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml
1- on the PIX/ASA enable password storage in RA vpn attributes
group-policy VPNusers attributes
password-storage enable
2- Edit the pcf file, this file is usualy stored in the VPN software path.
ON the same link above see Cisco VPN client section.
quote from above link
Cisco VPN Client
Edit the .pcf file and modify these parameters:
SaveUserPassword=1
UserPassword=
Regards
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: