Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

EZVPN XAUTH

I have configured a 1760 as an EVPN server with clients succesfully connecting using unified client version 4.x. now trying to configure it to connect to a PIX 501 running in Network extention mode. Having problems with extended authentication, using local username database as per cisco.com examples. Was working initially now does not want to know.

Anyone experienced this and any advice.

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization network vpnservertest local

aaa accounting exec default start-stop group tacacs+

aaa session-id common

ip subnet-zero

crypto isakmp client configuration group vpnservertest

dns x.x.x.x x.x.x.x

wins x.x.x.x x.x.x.x

domain idc.uk.parker.corp

pool serverpool1

ON PIX

vpnclient vpngroup vpnservertest password ********

vpnclient username x.x.x.x password ********

vpnclient server x.x.x.x

vpnclient mode network-extension-mode

vpnclient enable

1 REPLY
Silver

Re: EZVPN XAUTH

If you are using PIX OS v6.2(1), you are probably runing into bug CSCdx53187. The PIX in NEM mode, configured as an EZVPN client, has problems negotiating the IPSec SA. Upgrade to a newer version would be a good idea.

151
Views
0
Helpful
1
Replies
CreatePlease to create content