Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
540
Views
5
Helpful
4
Replies

ezvpn network-ext and user xauth on the c871

darin.marais
Level 4
Level 4

‎10-19-2007 05:35 AM

I have just completed the configuration on an 871 with Version 12.3(8)YI2 software installed on it. A portion of the configuration is shown below:

crypto ipsec client ezvpn <removed>

connect auto

group test key <removed>

mode network-extension

peer <removed>

username testuser password <removed>

xauth userid mode local

I have created a client configuration and successfully connected the device to a vpn3000C however during the connection I was required to connect on the 871 and enter the username and password by issuing the command 'crypto ipsec client ezvpn xauth'

Show log:

Pending XAuth Request,

Please enter the following command:

EZVPN: crypto ipsec client ezvpn xauth

Is there a method to have the router complete this step so as to save the user from having to connect to the 871 and enter the username etc. I know that this defeats the objectives of having security but there are valid reasons for wanting to do this.

If you help then please do…

Labels:
0 Helpful
4 Replies 4

darin.marais
Level 4
Level 4

‎10-22-2007 04:52 AM

hey big large cisco world of forum and wonderful people out there.

Does nobody know the answer or does "no answer" mean that it can not be done...

0 Helpful

Jason Gervia
Cisco Employee
Cisco Employee

‎10-30-2007 09:42 PM

Hello,

You need to turn off xauth on the head end (the concentrator) as that's what is requiring xauth - change your authentication from 'internal' to something else.

--Jason

darin.marais
Level 4
Level 4
In response to Jason Gervia

‎11-05-2007 03:15 AM

jason thanks for your answer. it worked once i turned off the xauth on the c3000. is there a way to leave it on but have the 871 send the username instead of waiting for user interaction?

0 Helpful

ggilbert
Cisco Employee
Cisco Employee
In response to darin.marais

‎11-06-2007 04:20 PM

You can use the save password option on the 3000 concentrator for that specific group. Once the user connects for the first time, then the password will be saved.

Cheers,

Gilbert

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents