I have a strange problem I just want to clarify. I have enabled client mode VPN with xauth. The client router asks for xauth and the server is configured with the save password command. The client router prompted once for username and password, then the client mode VPN is up and running. As per the documentation, when xauth is enabled and the users try to access the server-side LAN, the users should be prompted for username and password. But it doesn't happen that way. Could anyone please tell me why, and how to get this working? Or is this the way it works? I am really confused about it.
If xauth is configured for http-intercept then the user is presented with a login window when they start an HTTP connection to the remote site. Alternatively the user can log in interactively at the router CLI.
In your case, what is the config of the xauth, the line that reads: "xauth userid mode"?
Hi John, in my case the xauth userid states local. Do I have to set it up to http interactive? And one more thing I wanted to know: should the save password feature be enabled on both the client and the VPN server router? I am not sure of this. Please guide me on this. Thank you.
Usually I use "xauth userid mode local" if I want the client to connect automatically; the user will not be prompted since the username and password are entered in the config. In this case your config would look something like this:
group xyz key xyz
username xyz password xyz
xauth userid mode local
Enter the "group" and key if you are using groups on the server. The "username" "password" is the username and password saved on the server. "xauth userid mode local" tells the client to use the "username" and "password" in the client config.
Use the http interactive if the user is connecting from home.
Hi John, thanks for your reply. You mean to say that with the xauth userid mode set to local, when the client router connects to the server it won't ask for a password; it takes the user and password from the config you just described. For this to work, I read somewhere that both the client and server routers need to have the save password command. Am I right? I have one more query: can I have a user who is connected to the client router get a user prompt while connecting to the VPN server? Is it possible? Please reply, and thanks for all your help on this, John.
Yes, if you use "xauth userid mode local" the client will connect automatically using the username and password from the config. You also have to enter the username and password on the server and configure the server to authenticate the user using the local database. What are you using for the VPN server: router, PIX or VPN concentrator? For the user to be prompted to authenticate you will have to use the following config:
group xyz key xyz
xauth userid mode http-intercept
With this example the user will have to start a web session to authenticate.
Hi John, thanks for your help, buddy. My scenario is like this: subnet 10.1.1.0/24 is behind the Easy VPN server. It's a router connected to a router and then to an Easy VPN client router. Now in client mode the Easy VPN client router connects to the Easy VPN server router and the tunnel is up. Now I want a user sitting on the subnet behind the Easy VPN client to be prompted for username and password while accessing the web server on the Easy VPN server subnet. It's nice to discuss issues with you, John. My email address is firstname.lastname@example.org , email@example.com