Pix-to-Pix dynamic IPSEC with xauth clients

Unanswered Question
May 15th, 2002
User Badges:

Is it possible to have both a dynamic IPSEC client and xauth clients terminated on a Pix firewall. If yes, how do you configure it to only xauth the clients and not the dynamic Pix firewall.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
vijkrish Thu, 05/16/2002 - 10:22
User Badges:
  • Cisco Employee,

Xauth client is also a dynamic client. Ok, to be precise, I assume you meant:

dynamic ipsec client -> Another pix firewall / router for example


xauth client -> VPN client doing extended auth.

If this is the case, this is not possible because you cannot disable xauth for the dynamic ipsec clients because to disable xauth, you need to know the IP address in advance and this is not possible for the dynamic client in question (say another PIX).

Let us know if the answer is not clear or if I misunderstood.


This Discussion