Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

problem with ezvpn xauth

can someone pls tell me what does xauth mode interactive mean in the ezvpn client. can i have per user authentication who can access the vpn tuunel. on the basis of username and password authentication.

sebastan

4 REPLIES
Gold

Re: problem with ezvpn xauth

Yes you are right...With this feature enabled, the user must enter user name, group name, and user password during XAUTH to authenticate

You can use local database on router (firewall) or RADIUS (TACACS+) authentication

Try following document:

http://www.cisco.com/application/pdf/en/us/guest/products/ps6659/c1650/cdccont_0900aecd80313bf2.pdf

M.

Pls rate useful posts

New Member

Re: problem with ezvpn xauth

hi for this to work do i need to have the username and password locally created on the eazy vpn client router or the eazy server. thank u waiting for ur reply.

sebastan

Gold

Re: problem with ezvpn xauth

1) enable aaa new model with command:

aaa new-model

2) create auth policy with (in this case named userlist) with local database check:

aaa authentication login userlist local

3)create local usernames:

username cisco password 0 cisco

4)when you configure dynamic map select for authentication created userlist

crypto map dynmap client authentication list userlist

Its taken from

http://www.cisco.com/application/pdf/en/us/guest/products/ps6659/c1650/cdccont_0900aecd80313bf2.pdf

You have here all easy vpn server configuration

M.

Hope that helps, rate if it does

New Member

Re: problem with ezvpn xauth

hi there here my scenario is using a router as a eazy vpn client and not a vpn client software. my requirement is that when this vpn client router connects to the headend device can i have the users to be authenticated before they can access the network via the vpn. is this possible. thank u for all ur help. waiting for ur reply.

sebastan

182
Views
0
Helpful
4
Replies
CreatePlease to create content