New Member

Conflict between EZVPN and Remote access setup

I had a remote access VPN set up with the "crypto map BLAH client authentication" command. Then I configured EZVPN remote devices and they were being prompted for a username and password. So I removed the crypto map statement and placed a vpngroup GROUPNAME client-authentication and a vpngroup authentication server SERVER command in the group setup. Now the EZVPN remote devices connect but the Remote Access VPN clients don't get prompted for authentication. What am I doing wrong?

Thanks

  • VPN
9 REPLIES
New Member

Re: Conflict between EZVPN and Remote access setup

Is there a way to disable XAUTH for ezvpn?

New Member

Re: Conflict between EZVPN and Remote access setup

I take that as a NO. :-)

Or

How do you configure xauth for a remote EZVPN 501 client? If you need my current config let me know.

Thanks.

Cisco Employee

Re: Conflict between EZVPN and Remote access setup

Hello,

Can you post your configuration?

I am assuming that you are using your PIX as Remote and EzVPN server. (BTW: you cannot use ezvpn client and VPN server as the same device).

Your query has made me curious ... I think I need to dig a little to lighten my rusty mind.

Vikas

Re: Conflict between EZVPN and Remote access setup

Hi .. actually you can use a PIX as VPN client and server at the same time .. In regards to the issue .. the easiest way to do it is by creating another VPN group for your remote users with Xauth. You will have to modify their profile (new vpngroup and password) accordingly.

I hope it helps .. please rate if it does !!!

New Member

Re: Conflict between EZVPN and Remote access setup

Here is the beef of it. If there is something missing that you would like to see, let me know.

Again, the issue is we have a remote access VPN (group2 in the config) that we would like to authenticate users. Group# in the config is a genuine site to site. I can get around xauth with the no-xauth command. Groups 4, 5, and 6 are the EZVPN server settings. When the remote 501's connect to them they get prompted for a username and password unless I remove the crypto map client authentication command. But then the remote access VPN doesn't prompt.

New Member

Re: Conflict between EZVPN and Remote access setup

Is that what you had in mind?

New Member

Re: Conflict between EZVPN and Remote access setup

I'm still stuck. Can anybody tell me how to troubleshoot this?

ISAKMP: error, msg not encrypted

New Member

Re: Conflict between EZVPN and Remote access setup

If you keep the username on the PIX, try this; if not, change to RADIUS server.

under the router config change this to match yours, if

crypto ipsec client ezvpn center_xxxxxx
 connect auto
 group remote_sites key xxxxxxxxxxxxxxxx
 mode network-extension
 peer xxxxxxxxxxxx
 username remote password xxxxxxxxxxxx
 xauth userid mode local
!

On the PIX, make sure you keep the user accounts local. I am currently running ezvpn clients on my ASA and also authenticating users for remote access too.

New Member

Re: Conflict between EZVPN and Remote access setup

Thanks, but the spoke isn't a router, it's a PIX 501 and the HUB is a 515E. The 515 is using RADIUS to authenticate users but it won't authenticate the EZVPN clients (501's).
