https://community.cisco.com/t5/network-security/asa-vpn-client-asking-me-to-authenticate/m-p/1070256#M896462 <P>Im probably being a total muppet but my vpn client is asking me to authenticate when I havent set authentication up.</P><P></P><P>I would be extremely greatful with any help as Im used to configuring PIX's which are far easier!</P><P></P><P>Here is the client portion of my config:</P><P></P><P>group-policy EGRASUSER internal</P><P>group-policy EGRASUSER attributes</P><P> wins-server value xxxxxxxxxxx</P><P> dns-server value xxxxxxxxx</P><P> split-tunnel-policy tunnelspecified</P><P> split-tunnel-network-list value sptnl</P><P> default-domain value xxxxxxxx</P><P>tunnel-group EGRASUSER type ipsec-ra</P><P>tunnel-group EGRASUSER general-attributes</P><P> address-pool EGRASPOOL</P><P> default-group-policy EGRASUSER</P><P>tunnel-group EGRASUSER ipsec-attributes</P><P> pre-shared-key *</P><P>!</P><P>class-map inspection_default</P><P> match default-inspection-traffic</P><P>!</P><P>!</P><P>policy-map type inspect dns preset_dns_map</P><P> parameters</P><P> message-length maximum 512</P><P>policy-map global_policy</P><P> class inspection_default</P><P> inspect dns preset_dns_map</P><P> inspect ftp</P><P> inspect h323 h225</P><P> inspect h323 ras</P><P> inspect rsh</P><P> inspect rtsp</P><P> inspect esmtp</P><P> inspect sqlnet</P><P> inspect skinny</P><P> inspect sunrpc</P><P> inspect xdmcp</P><P> inspect sip</P><P> inspect netbios</P><P> inspect tftp</P><P>!</P><P>service-policy global_policy global</P> Mon, 11 Mar 2019 13:43:37 GMT danparsons 2019-03-11T13:43:37Z https://community.cisco.com/t5/network-security/asa-vpn-client-asking-me-to-authenticate/m-p/1070256#M896462 <P>Im probably being a total muppet but my vpn client is asking me to authenticate when I havent set authentication up.</P><P></P><P>I would be extremely greatful with any help as Im used to configuring PIX's which are far easier!</P><P></P><P>Here is the client portion of my config:</P><P></P><P>group-policy EGRASUSER internal</P><P>group-policy EGRASUSER attributes</P><P> wins-server value xxxxxxxxxxx</P><P> dns-server value xxxxxxxxx</P><P> split-tunnel-policy tunnelspecified</P><P> split-tunnel-network-list value sptnl</P><P> default-domain value xxxxxxxx</P><P>tunnel-group EGRASUSER type ipsec-ra</P><P>tunnel-group EGRASUSER general-attributes</P><P> address-pool EGRASPOOL</P><P> default-group-policy EGRASUSER</P><P>tunnel-group EGRASUSER ipsec-attributes</P><P> pre-shared-key *</P><P>!</P><P>class-map inspection_default</P><P> match default-inspection-traffic</P><P>!</P><P>!</P><P>policy-map type inspect dns preset_dns_map</P><P> parameters</P><P> message-length maximum 512</P><P>policy-map global_policy</P><P> class inspection_default</P><P> inspect dns preset_dns_map</P><P> inspect ftp</P><P> inspect h323 h225</P><P> inspect h323 ras</P><P> inspect rsh</P><P> inspect rtsp</P><P> inspect esmtp</P><P> inspect sqlnet</P><P> inspect skinny</P><P> inspect sunrpc</P><P> inspect xdmcp</P><P> inspect sip</P><P> inspect netbios</P><P> inspect tftp</P><P>!</P><P>service-policy global_policy global</P> Mon, 11 Mar 2019 13:43:37 GMT https://community.cisco.com/t5/network-security/asa-vpn-client-asking-me-to-authenticate/m-p/1070256#M896462 danparsons 2019-03-11T13:43:37Z https://community.cisco.com/t5/network-security/asa-vpn-client-asking-me-to-authenticate/m-p/1070257#M896465 <HTML><HEAD></HEAD><BODY><P>Daniel,</P><P></P><P>Be default if you do not specific ANY config in the profile "EGRASUSER" then the device will apply any "default" configuration from the "DfltGrpPolicy" attirbutes.</P><P></P><P>So if you do not want any user auth the config the below:-</P><P></P><P>group-policy EGRASUSER attributes</P><P>authentication-server-group none </P><P></P><P>The above means you will only auth on IKE. My advise would be NOT to do this, as you only have 1 factor authentication - security best practise says you should have 2 or more.</P><P></P><P>If you do not want to authenticate to a back AD/RADIUS or LDAP - then authenticate locally:-</P><P></P><P>username &lt;<USERNAME>&gt; password &lt;<PASSWORD>&gt; privilege 0</PASSWORD></USERNAME></P><P></P><P>tunnel-group EGRASUSER general-attributes</P><P>authentication-server-group LOCAL </P><P></P><P>HTH&gt;</P><P></P><P></P><P></P><P></P><P></P><P></P></BODY></HTML> Fri, 12 Sep 2008 09:35:08 GMT https://community.cisco.com/t5/network-security/asa-vpn-client-asking-me-to-authenticate/m-p/1070257#M896465 andrew.prince 2008-09-12T09:35:08Z