Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

The user receives the Xauth required but selected Proposal does not support xauth , Check priorities of ike xauth proposals in ike proposal list error message in the logs of VPN 3000 series Concentrator

Core issue

This error message appears when a wrong proposal is chosen for an Internet Security Association and Key Management Protocol (ISAKMP) proposal.


As a workaround, either disable Xauth or change the Cisco VPN Client proposal.

To disable extended authentication (Xauth) on a VPN Concentrator, perform these steps:

1. Select Configuration > User Management > Groups > Modify.

2.  Go to the IPSec tab.

3.  Confirm that None is selected under the Authentication box. This disallows any sort of Xauth.

4. Select Configuration > Tunneling and Security > IPsec > IKE Proposals.

5.  Check the Cisco VPN Client proposal. The Authentication Mode box should only read "Pre-share Key." This also disallows Xauth for the Clients.

6.  Try to connect to the VPN Client, and verify that the VPN Concentrator does not ask for Xauth.