https://community.cisco.com/t5/network-security/x-auth-on-per-group-basis-in-pix/m-p/133403#M638427 <HTML><HEAD></HEAD><BODY><P>Hi Naman,</P><P></P><P>Let me see we can answer you second issue, that will take care of the first one.</P><P></P><P>You can create separate method for the console port so that you are not asked for the username/password in it, it will ask you only the vty /telnet password .</P><P></P><P>aaa authen login conmethod line</P><P></P><P>line con 0</P><P>login authentication conmethod</P><P>password <PASSWROD></PASSWROD></P><P></P><P>Thanks</P><P>Sujit</P><P></P><P></P></BODY></HTML> Fri, 06 Jun 2003 03:56:39 GMT sghosh 2003-06-06T03:56:39Z https://community.cisco.com/t5/network-security/x-auth-on-per-group-basis-in-pix/m-p/133402#M638426 <P>Hi,</P><P>Is it possible disable X-Auth for a particular Group, when it has been enabled globaly using the command "crypto map vpnmap client authentication internal-radius" for all Other groups ?</P><P></P><P>I need to have an IOS Router connected to the PIX using EzVPN Client, however with X-Auth enabled (which is enabled to take care of other groups with Software VPN Clients), the user will have to enter the username\password at the Router Console, which is not desired.</P><P></P><P>Regards \\ Naman</P> Fri, 21 Feb 2020 06:47:10 GMT https://community.cisco.com/t5/network-security/x-auth-on-per-group-basis-in-pix/m-p/133402#M638426 mnlatif 2020-02-21T06:47:10Z https://community.cisco.com/t5/network-security/x-auth-on-per-group-basis-in-pix/m-p/133403#M638427 <HTML><HEAD></HEAD><BODY><P>Hi Naman,</P><P></P><P>Let me see we can answer you second issue, that will take care of the first one.</P><P></P><P>You can create separate method for the console port so that you are not asked for the username/password in it, it will ask you only the vty /telnet password .</P><P></P><P>aaa authen login conmethod line</P><P></P><P>line con 0</P><P>login authentication conmethod</P><P>password <PASSWROD></PASSWROD></P><P></P><P>Thanks</P><P>Sujit</P><P></P><P></P></BODY></HTML> Fri, 06 Jun 2003 03:56:39 GMT https://community.cisco.com/t5/network-security/x-auth-on-per-group-basis-in-pix/m-p/133403#M638427 sghosh 2003-06-06T03:56:39Z https://community.cisco.com/t5/network-security/x-auth-on-per-group-basis-in-pix/m-p/133404#M638428 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>You need to configure exception for this. Here is the link that will help in configurin g this.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb72d.html#29251" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb72d.html#29251</A></P><P></P><P>Thanks,</P><P></P><P>Mynul</P></BODY></HTML> Fri, 06 Jun 2003 05:22:44 GMT https://community.cisco.com/t5/network-security/x-auth-on-per-group-basis-in-pix/m-p/133404#M638428 mhoda 2003-06-06T05:22:44Z https://community.cisco.com/t5/network-security/x-auth-on-per-group-basis-in-pix/m-p/133405#M638429 <HTML><HEAD></HEAD><BODY><P>Hi Mynul,</P><P>Well. This applies to the Site-Site VPN, which we have already configured this way. My question was for VPN Groups.</P><P>E.g. Lets say there are two VPN Groups with "Clients" and "EzVPN", X-Auth is enabled globally.</P><P></P><P>Now PC Clients using (Cisco VPN Software) connect to Group "Clients" and are propmpted for their Username\Password, which is fine.</P><P></P><P>However the Cisco IOS Routers connects to Group EzVPN, and has to go through X-Auth, which means that at the Cisco Router Console "a User" will have to type "crypto ipsec client ezvpn xauth" and then Enter Username\Passwd. This is What i Want to Avoid ?</P><P>If i can make an exception that though X-Auth is enabled globaly but Shouldn't be required for "EzVPN" group, Is it possible ?</P><P></P><P>Regards \\ Naman</P></BODY></HTML> Fri, 06 Jun 2003 16:24:20 GMT https://community.cisco.com/t5/network-security/x-auth-on-per-group-basis-in-pix/m-p/133405#M638429 mnlatif 2003-06-06T16:24:20Z