You don't need it, but it is stronly recommended to use Extended Authentication for VPN clients. You configure this by using the aaa-server commands to setup a RADIUS/TACACS+ authentication server and the 'crypto map xxxxx client authentication' command to setup Xauth for remote vpn clients. See http://www.cisco.com/warp/customer/110/B.html for an example setup.
How do I make a configuration that doesn't use RADIUS/TACACS+ for authentication, just using, per say, i.e. 'vpdn username cisco password cisco'. How do I get the PIX to use it's own user list to authenticate?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...