Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started.

New Member

Disabling XAuth for Remote VPN Users on ASA 5510 Version 7.2(1)

Anyone know how to disable XAuth for Remote VPN users on the ASA 5510 running 7.2(1)?

HPMFIRE(config)# tunnel-group vpn3000 general-attributes

HPMFIRE(config-tunnel-general)# authen

HPMFIRE(config-tunnel-general)# authentication-server-group none

ERROR: The authentication-server-group none command has been deprecated.

The isakmp command in the ipsec-attributes should be used instead.

HPMFIRE(config-tunnel-general)# tunnel-group vpn3000 ipsec-attributes

HPMFIRE(config-tunnel-ipsec)# isakmp ?

tunnel-group-ipsec mode commands/options:

ikev1-user-authentication Configure IKEv1 User Authentication

keepalive Configure ISAKMP keepalives

configure mode commands/options:

am-disable Disable inbound aggressive mode connections

client Set client configuration policy (DEPRECATED - see 'help

isakmp')

disconnect-notify Enable disconnect notification to peers

enable Enable ISAKMP on the specified interface

identity Set identity type (address, hostname or key-id)

ipsec-over-tcp Enable and configure IPSec over TCP

keepalive Set keepalive interval (DEPRECATED - see 'help isakmp')

key Set pre-shared key for remote peer (DEPRECATED - see 'help

isakmp')

nat-traversal Enable and configure nat-traversal

peer Set xauth and config mode exemption for the specified peer

(DEPRECATED - see 'help isakmp')

policy Set ISAKMP policy suite

reload-wait Wait for voluntary termination of existing connections

before reboot

I couldn't find anything under isakmp to disable it. Thanks for any help.

  • Other Security Subjects
2 REPLIES
New Member

Re: Disabling XAuth for Remote VPN Users on ASA 5510 Version 7.2

Hi There,

Please do the below

Router(config)# crypto isakmp key keystring address peer-address [mask] [no-xauth]

New Member

Disabling XAuth for Remote VPN Users on ASA 5510 Version 7.2(1)

Hello!

You can use the following command in order to disable Xauth:

HPMFIRE(config-tunnel-general)# tunnel-group vpn3000 ipsec-attributes

HPMFIRE(config-tunnel-ipsec)# isakmp ikev1-user-authentication none

Regards,

2530
Views
0
Helpful
2
Replies