Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX VPN local Xauth?

I tried to configure VPN with Xauth using local authentication on 6.2 code and couldn't get it to work. Has anyone found a way to do this? Is it planned for future releases? This pix is only authenticating a handfull of users and Radius/Tacacs+ is overkill, I just want to enter a few username/password combinations in the config.

  • Other Security Subjects
5 REPLIES
New Member

Re: PIX VPN local Xauth?

I have used it and it works great; however, I would still use a RADIUS. MS makes a RADIUS server that is include with advance Server and Win NT Option Pack

New Member

Re: PIX VPN local Xauth?

I have a customer that we set up VPN on a PIX 515 to work with Ciscos Secure Client 1.1 The customer would like to authentication to their vpn. They have only about 5 salespeople who use this vpn access. They run a novell environment with no microsoft servers. They have no radius servers. I was told by a cisco engineer in the spring of 2002 that the new 6.x version of software would include local Xauth. If this is true, how (or what ) are the commands. I have to upgrade their current code (5.3)

New Member

Re: PIX VPN local Xauth?

The new 6.2 does include local xauth but not for vpn. Perhaps you should go back and talk to that engineer to find out when, if ever, local xauth will be supported for vpn authentication. Otherwise you will need some type of radius server as you mentioned you have none.

Kurtis Durrett

New Member

Re: PIX VPN local Xauth?

Pix doesn't support local XAUTH authentication. I'd guess it won't be included in future code, since this is a "sell-up" to the concentrators....but who knows!

However, You can use any Windows 2000 Server on your network to authenticate via Internet Authentication Service.

See the technote on cco here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

New Member

Re: PIX VPN local Xauth?

Thanks Jeff, that is kinda what I thought. This client's environment is all NT4 still and I know there is a MS Radius server, but that isn't practical in this situation. Local Xauth on the pix seems like a simple solution though. You may be right in the thinking that Cisco doesn't want to give it too much functionality and hurt the concentrator sales. I think sometimes Cisco's thinking is always big companies/big networks, they don't realize that someone would want to connect just a handful of VPN users to a pix.

114
Views
4
Helpful
5
Replies
This widget could not be displayed.