Cisco Support Community
Community Member

Is Individual User Authentication Available On EZVPN Client Routers?

IMHO, one of the really beneficial features of the VPN 3000 series is the Individual User Authentication (IUA) feature on the 3002 HW client that can be exercised by a VPN 3000 series concentrator. Is the IUA feature supported by other EZVPN client platforms like a SOHO91 router?

In particular, I wish to establish a client-mode VPN tunnel between a SOHO91 and a VPN 3000 concentrator and have remote LAN users authenticate to/through the SOHO91 before jumping onto the tunnel. Can this be accomplished using IOS 12.2(8)YN on the SOHO91 and Version 4.0 firmware on the VPN concentrator? Thank you in advance for your reply.


Re: Is Individual User Authentication Available On EZVPN Client

I don't think that Individual User Authentication is aupported on the SOHO91. However, the PIX firewall acting as an Easy VPN Server does support Individual User Authentication. IUA is enabled by means of the downloaded VPN policy and it cannot be configured locally. With the PIX acting as the Easy VPN server (and since it supports IUA), you can have all your remote devices behind the Easy VPN Remote device, authenticate themselves before initiating a connection. I hope that helps.

Community Member

Re: Is Individual User Authentication Available On EZVPN Client

Thank you for your reply.

In my case, a VPN 3005 concentrator is functioning as the EasyVPN server, not a PIX firewall. Further, what is the EasyVPN remote device that you refer to in your note - a SOHO91, another IOS router with the EasyVPN feature set, a Cisco VPN software client, a Cisco VPN hardware client (e.g., 3002) or what??

TIA for your follow-up reply.

CreatePlease to create content