Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Automatic access with VPN Client?

Hello,

is possible have an automaticall access with VPN Client? I have a customer that he wants access with a VPN Client to a remote site without logging in RADIUS, LDAP, etc... Is possible?

3 REPLIES

Re: Automatic access with VPN Client?

Sure you can by using isakmp parameters in tunnel attributes. On the VPN client just configure the tunnel authentication password which can be saved within the client.

If you do not want user authentication of any kind after configure your tunnel attributes for no user autentication you may use this settings.

Be aware that when using this it will apply to any RA VPN client connecting to that tunnel group, so if you only need this for the purpose of one user I would not recomment to implement it this way, you could use pcf profiles instead to save it in the VPN client which has user's password saved locally and automatically connect.

tunnel-group ipsec-attributes

isakmp ikev1-user-authentication none

Example assume tunnel group name is called RAVPN

tunnel-group RAVPN ipsec-attributes

pre-shared-key

isakmp ikev1-user-authentication none <-- will not ask for second authentication

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/i3.html#wp1842328

Regards

New Member

Re: Automatic access with VPN Client?

Thanks Jorge,

but I think that my customer prefer use pcf profiles. The user doesn't have to know the password. This must be transparent for him. How can I do it?

Re: Automatic access with VPN Client?

Jose, see password storage configuration section mid page down for PIX/ASA

Cisco VPN Client Password Storage Configuration

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml

1- on the PIX/ASA enable password storage in RA vpn attributes

group-policy VPNusers attributes

password-storage enable

2- Edit the pcf file, this file is usualy stored in the VPN software path.

ON the same link above see Cisco VPN client section.

quote from above link

Cisco VPN Client

Edit the .pcf file and modify these parameters:

SaveUserPassword=1

UserPassword=

Regards

295
Views
0
Helpful
3
Replies