Cisco Support Community
Community Member

username and password after group name authentication

i am using the vpn client ver 3.66 for xp..the vpn server is on a pix 515..the vpn group was able to be authenticated but prompts me for a username and password after that..which username and password is this and how will i configure it..

thanks a lot

Cisco Employee

Re: username and password after group name authentication

This username can be stored locally on the PIX, or on a separate Radius or TACACS server. Check your PIX config and you'll have something like this:

crypto map client authentication

AAA-server protocol tacacs+

AAA-server (outside) host

The "tacacs+" could also be "radius" or "LOCAL", depending on where you want to store your usernames. If you want to store them locally on the PIX, just do the following:

AAA-server protocol LOCAL

username password

You can have as many username commands as you have users.

Of course if you don't want to do any user authentication (not recommended), then do:

no crypto map client authentication

and you won't be prompted at all. This is inherently insecure though, if someone steals one of your laptops with the VPN client on it they'll have open access to your network.

CreatePlease to create content