I tried to configure VPN with Xauth using local authentication on 6.2 code and couldn't get it to work. Has anyone found a way to do this? Is it planned for future releases? This pix is only authenticating a handful of users and Radius/Tacacs+ is overkill, I just want to enter a few username/password combinations in the config.
I have a customer that we set up VPN on a PIX 515 to work with Cisco's Secure Client 1.1. The customer would like to add authentication to their vpn. They have only about 5 salespeople who use this vpn access. They run a Novell environment with no Microsoft servers. They have no radius servers. I was told by a Cisco engineer in the spring of 2002 that the new 6.x version of software would include local Xauth. If this is true, how (or what) are the commands? I have to upgrade their current code (5.3).
The new 6.2 does include local xauth but not for vpn. Perhaps you should go back and talk to that engineer to find out when, if ever, local xauth will be supported for vpn authentication. Otherwise you will need some type of radius server as you mentioned you have none.
Thanks Jeff, that is kinda what I thought. This client's environment is all NT4 still and I know there is a MS Radius server, but that isn't practical in this situation. Local Xauth on the pix seems like a simple solution though. You may be right in the thinking that Cisco doesn't want to give it too much functionality and hurt the concentrator sales. I think sometimes Cisco's thinking is always big companies/big networks, they don't realize that someone would want to connect just a handful of VPN users to a pix.