For the Cisco VPN 3000 Concentrator, Cisco VPN Client (software client) and Cisco VPN 3002 Hardware Client, Cisco has implemented a feature Hybrid Authentication Mode for IKE.
Cisco's solution extends the Hybrid Auth model by additionally requiring a group pre-shared key for VPN group identification. The group pre-shared key is used solely to associate users with their appropriate VPN groups, followed by the XAUTH exchange that then authenticates the user.