×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

EZVPN XAUTH

Unanswered Question
Jul 6th, 2003
User Badges:

I have configured a 1760 as an EVPN server with clients succesfully connecting using unified client version 4.x. now trying to configure it to connect to a PIX 501 running in Network extention mode. Having problems with extended authentication, using local username database as per cisco.com examples. Was working initially now does not want to know.


Anyone experienced this and any advice.


aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization network vpnservertest local

aaa accounting exec default start-stop group tacacs+

aaa session-id common

ip subnet-zero



crypto isakmp client configuration group vpnservertest

dns x.x.x.x x.x.x.x

wins x.x.x.x x.x.x.x

domain idc.uk.parker.corp

pool serverpool1



ON PIX



vpnclient vpngroup vpnservertest password ********

vpnclient username x.x.x.x password ********

vpnclient server x.x.x.x

vpnclient mode network-extension-mode

vpnclient enable

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
drolemc Thu, 07/10/2003 - 07:10
User Badges:
  • Silver, 250 points or more

If you are using PIX OS v6.2(1), you are probably runing into bug CSCdx53187. The PIX in NEM mode, configured as an EZVPN client, has problems negotiating the IPSec SA. Upgrade to a newer version would be a good idea.

Actions

This Discussion