Re: turning off Xauth for Easy VPN NEM

From: Alexei Monastyrnyi (alexeim73@gmail.com)
Date: Fri Mar 06 2009 - 09:24:43 ARST


For PIX/ASA it is configurable whether to enable or disable XAuth; this
I know from experience.

For example, if you don't specify
crypto map mymap client authentication RADIUS or LOCAL
in PIX 6, you will get in with just a group authentication/PSK.

I am not 100% positive with IOS implementation, need to lab it up, since
a rule "assume nothing" is very much in line with Cisco. :-)

A.

Sadiq Yakasai wrote:
> I was under the impression that EZVPN works inherently with xauth, but
> I may have misunderstood the operation completely then. In other
> words, you cannot disable xauth.
>
> Sadiq
>
> On Fri, Mar 6, 2009 at 8:49 AM, Alexei Monastyrnyi
> <alexeim73@gmail.com> wrote:
>
> Hi.
>
> This might help:
> http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080808395.shtml
>
> I believe if you would just remove the following from EzVPN server
> side
> aaa authentication login userauthen local
> crypto map clientmap client authentication list userauthen
>
> And remove "xauth userid mode interactive" on the client side.
>
> Though I haven't labbed that myself.
>
> Alternatively you can allow clients using saved passwords and use
> "xauth userid mode local" along with appropriate "username abc
> password xyz" under your EzVPN client configuration.
>
> Second option works fine for me. We don't have a control over
> EzVPN server side, but we asked to allow to use stored passwords
> and finally got rid of software VPN client, moving EzVPN client
> termination to the edge router.
>
> HTH,
> A.
>
>
> Zeeshan Sanaullah wrote:
>
> Hello !!
>
> What is the method to turn Off Xauth for Easy VPN Network
> Extension Mode
>
> So that the Spoke does not need to enter Login Credentials.
>
>
> Regards
> Zeeshan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> --
> CCIE #19963



This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:04 ART