RE: turning off Xauth for Easy VPN NEM

From: Zeeshan Sanaullah (zeeshan_dreamcatcher@hotmail.com)
Date: Fri Mar 06 2009 - 15:44:51 ARST

• Next message: GAURAV MADAN: "Re: RSPAN"
• Previous message: Danshtr: "Re: RSPAN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Alexei is right

by removing the following commands Xauth is not required for Clients

> *aaa authentication login userauthen local* /
> /*crypto map clientmap client authentication list userauthen

Regards
Zeeshan

> Date: Fri, 6 Mar 2009 12:24:43 +0100
> From: alexeim73@gmail.com
> To: sadiqtanko@gmail.com
> CC: zeeshan_dreamcatcher@hotmail.com; ccielab@groupstudy.com
> Subject: Re: turning off Xauth for Easy VPN NEM
>
> For PIX/ASA it is configurable whether to enable or disable XAuth, this
> i know from experience.
>
> For example, if you don't specify
> crypto map mymap client authentication RADIUS or LOCAL
> in PIX 6, you will get in with just a group authentication /PSK.
>
> I am not 100% positive with IOS implementation, need to lab it up, since
> a rule "assume nothing" is very much in-line with Cisco. :-)
>
> A.
>
> Sadiq Yakasai wrote:
> > I was under the impression that EZVPN works inherently with xauth, but
> > I may have misunderstood the operation completely then. In other
> > words, you cannot disable xauth.
> >
> > Sadiq
> >
> > On Fri, Mar 6, 2009 at 8:49 AM, Alexei Monastyrnyi
> > <alexeim73@gmail.com <mailto:alexeim73@gmail.com>> wrote:
> >
> > Hi.
> >
> > This might help:
> >
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_exampl
e09186a0080808395.shtml
> >
> > I believe if you would just remove the following from EzVPN server
> > side
> > *aaa authentication login userauthen local* /
> > /*crypto map clientmap client authentication list userauthen
> >
> > And remove "** xauth userid mode interactive* " on the client side.
> >
> > Though I haven't labbed that myself.
> >
> > Alternatively you can allow clients using saved passwords and use
> > "* xauth userid mode local" along with appropriate "username abc
> > password xyz" under your EzVPN client configuration.
> >
> > Second option works fine for me. We don't have a control over
> > EzVPN server side, but we asked to allow to use stored passwords
> > and finally got read of software VPN client, moving EzVPN client
> > termination to the edge router.
> >
> > HTH,
> > *A.
> >
> >
> > Zeeshan Sanaullah wrote:
> >
> > Hello !!
> >
> > What is the method to turn Off Xauth for Easy VPN Network
> > Extension Mode
> >
> > So that the Spoke doesnot need to enter Login Credentials.
> >
> >
> > Regards
> > Zeeshan
> >
> > _________________________________________________________________
> > Windows Live Hotmail. more than just e-mail.
> >
http://windowslive.com/howitworks?ocid=TXT_TAGLM_WL_t2_hm_justgotbetter_howit
> > works_022009
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> >

• Next message: GAURAV MADAN: "Re: RSPAN"
• Previous message: Danshtr: "Re: RSPAN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:04 ART