I have confugured IPSEC VPN server on Cisco 7200 and both Windows and Linux clients (with Cisco VPN client) are able to connect and everything works perfectely.
But when I configure feature "group-lock" under "crypto isakmp client configuration group" then only Windows clients are still able to connect and Linux connections are refused. Ofcourse I tried using the same account on Windows and Linux.
Has anyone encountered such problem.
Or Is there maybe known issue or bug when group-lock feature is used with Linux client?
The group-lock command attribute is used to check if a user attempting to connect to a group belongs to this group. This attribute is used in conjunction with the extended authentication (Xauth) username. The user name must include the group to which it belongs. The group is then matched against the VPN group name (ID_KEY_ID) that is passed during the Internet Key Exchange (IKE). If the groups do not match, then the client connection is terminated.
To allow the extended authentication (Xauth) username to be entered when preshared key authentication is used with IKE, use the group-lock command in Internet Security Association Key Management Protocol (ISAKMP) group configuration mode.
i think you can resolve your problem after reading above words
I'm not having problem with configuring the group lock feature. My problem is that using the same accounts Windows clients are able to connect and Linux clients are not. And it has been testes on 20 different clients (Windows / Linux)
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...