EZVPN XAUTH

pjosephs
Level 1

I have configured a 1760 as an EZVPN server with clients successfully connecting using unified client version 4.x. Now trying to configure it to connect to a PIX 501 running in Network extension mode. Having problems with extended authentication, using local username database as per cisco.com examples. Was working initially, now does not want to know.

Anyone experienced this, and any advice?

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization network vpnservertest local

aaa accounting exec default start-stop group tacacs+

aaa session-id common

ip subnet-zero

crypto isakmp client configuration group vpnservertest

dns x.x.x.x x.x.x.x

wins x.x.x.x x.x.x.x

domain idc.uk.parker.corp

pool serverpool1

ON PIX

vpnclient vpngroup vpnservertest password ********

vpnclient username x.x.x.x password ********

vpnclient server x.x.x.x

vpnclient mode network-extension-mode

vpnclient enable

1 Reply 1

drolemc
Level 6

If you are using PIX OS v6.2(1), you are probably running into bug CSCdx53187. The PIX in NEM mode, configured as an EZVPN client, has problems negotiating the IPSec SA. Upgrading to a newer version would be a good idea.