In middle of configuring a Pix 501 for VPN. I have running a few VPN's Site to Site and can terminate a Client to Site VPN with no issue. I am having problems getting the Client to Site to initiate a User Username and Password Challenge when VPNing in, I get a connection using the VPN credentials set in the Secure Client but no further user challenge.
Can someone advise of suitable config to change this?
Use the crypto map client authentication command to tell the PIX Firewall to use the Xauth (RADIUS/TACACS+ user name and password) challenge during Phase 1 of Internet Key Exchange (IKE) in order to authenticate IKE. If the Xauth fails, the IKE security association is not established. Specify the same AAA server name within the crypto map client authentication command statement that is specified in the aaa-server command statement. The remote user must run Cisco VPN Client version 3.x. or later.
Note: Cisco recommends you use Cisco VPN Client 3.5.x or later. VPN Client 1.1 does not work with this configuration. Cisco VPN Client 3.6 and later does not support the transform set of des/sha.
If you need to restore the configuration without Xauth, use the no crypto map client authentication command. The Xauth feature is not enabled by default.
Note: In PIX Firewall Version 5.3 and later, configurable RADIUS ports were introduced. Some RADIUS servers use RADIUS ports other than 1645/1646 (usually 1812/1813). In PIX 5.3 and later, the RADIUS authentication and accounting ports can be changed to ones other than the default 1645/1646 using these commands:
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...