Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Why VPN dialer uses AAA user name & password

I hav configured Cisco ASA 5510 for VPN dialer for mobile client. when i enter the user name & password of the tunnel-group it doesn't accepts, where as if i enter the user name & password of AAA "username anand password cisco123 encrypted privilege 15" this password is getting accepted. why is that & how do i configure to accept the vpn group password only.

Hall of Fame Super Silver

Re: Why VPN dialer uses AAA user name & password


Either I do not understand your question very well or you are misunderstanding how the VPN dialer on the ASA5510 works. I am not sure which. It seems like you are expecting the mobile client to input only a group name and a group password and that should be enough to authenticate the incoming user session. But that is not how it works. The group name and password are the first stage of identifying the user but are not sufficient to fully identify and authenticate the user. The group name and password are used primarily to determine which policy to apply to the session. You might have several different groups defined with somewhat different policies for each group. So the group name and password determine the appropriate policy and the user name and password authenticate the individual user. group name and password without user name does not work and user name and password without group does not work.

If I have misunderstood your question then perhaps you can clarify.



CreatePlease to create content