12-01-2007 04:32 PM - edited 02-21-2020 01:49 AM
We just started configuring ASAs for VPN access after years of using the PIX. One of the biggest changes that I have noticed for the Remote Client Access is the use of a pre-shared key. Is there a way to disable the pre-shared-key attribute under the tunnel-group <groupname> ipsec-attributes and just require clients to authenticate with the username/password combination like in the 6.3(5) code? If so, how? Any advice would be truly helpful.
Thanks in advance!
12-02-2007 06:26 AM
That pre-shared key is just the group password.
Are you wanting to not use group names/passwords?
Or are you *just* wanting to use group names/passwords?
To disable xauth:
tunnel-group grp_name ipsec-attributes
 pre-shared-key *
 isakmp ikev1-user-authentication none
12-02-2007 11:02 PM
What I want to do is not use the group names password. I just want to be able to have clients use their username and a password that is unique to each username (so, no pre-shared key at all).
For example here is a config from the 6.3(5) code:
crypto ipsec transform-set strongset esp-aes esp-sha-hmac
crypto dynamic-map stuff 10 set transform-set strongset
crypto map mymap 10 ipsec-isakmp dynamic stuff
isakmp identity address
isakmp nat-traversal
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp log 300
vpngroup username address-pool ippool
vpngroup username idle-time 1800
vpngroup username split-tunnel 103
vpngroup username password blah
crypto map mymap interface outside
isakmp enable outside
wr me
No pre-shared key was needed. How do I migrate this code over to the ASA?
Thanks!
12-03-2007 05:26 PM
The preshared key was the password defined here:
vpngroup username password blah
That served the same purpose as the tunnel-group preshared key. They are functionally equivalent.
In 7.x and later, the tunnel-group name takes the place of the vpngroup name, and the preshared key attribute takes the place of the vpngroup password.