07-10-2014 03:47 AM
Hi guys,
I would like to know if I can skip XAuth for a Remote VPN Access on a router.
Here's my config, all working beautifully, still when connecting I would like not seeing any username&password window after clicking on the Vpn profile.
Solved! Go to Solution.
07-10-2014 04:04 AM
Hi Florin,
In case of remote access VPN , user has to be authenticated either via username/password or certificates.
You can deploy certificate based authentication as follows:-
http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/22520-unityclient-ios.html#router-config
This will use the certificate for user authentication and won't prompt for username/password.
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
07-10-2014 04:04 AM
Hi Florin,
In case of remote access VPN , user has to be authenticated either via username/password or certificates.
You can deploy certificate based authentication as follows:-
http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/22520-unityclient-ios.html#router-config
This will use the certificate for user authentication and won't prompt for username/password.
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
07-10-2014 07:15 AM
To add, IKE authentication can use RSA (certs, signature, encryption) or PSK, xauth can be done with user/pass only or skipped altogether.
To bypass xauth either remove client authentication or set the AAA group to none. It's been a while since I tested this. I think the latter should work on IOS.
07-10-2014 12:28 PM
Hi Marcin,
Before posting I tried:
07-10-2014 12:30 PM
Florin, did you by any chance tried removing the client authentication statement (from crypto map or isakmp profile).
M.
07-10-2014 12:31 PM
I think I did, but I will retry tomorrow. Either way I doubt it will work, but I will comeback with the outcome.
07-10-2014 12:33 PM
Florin,
I _remember_ this working with isakmp profile. But it's something I've done a couple of years ago at least.
M.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: