cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


706
Views
0
Helpful
4
Replies
Highlighted
Beginner

ASA EasyVPN with Secure unit authentication amber light

  We have a VPN setup with EasyVPN with a requirement of secure unit authentication.  We are having intermittent issues with it.  Sometimes the client ASA will boot up and appears to attempt negotiate the VPN connection. Other times, it comes up fine and the credentials can be entered to connect.  I also noticed that when we tried user authentication, the Cisco phone behind the ASA would never work, even though we had it's mac address in the bypass list on the client ASA.  If someone has an example configuration, would appreciate it. Since it works sometimes, I wouldn't think a firewall would be blocking the connection. It's like the client ASA attempts to establish the VPN tunnel even though it doesn't have a username configured for the tunnel.  Only the username for the VPN group is configured.  Any help is appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
Beginner

Re: ASA EasyVPN with Secure unit authentication amber light

Found the issue. Problem was in configuration of the IPSec IKEV1 connection profiles under:

Remote Access VPN>Network (Client) Access IPSec Connection profiles.

In the profile config under Advanced>IPsec>IKE Authentication.

We had to uncheck the setting SEND "Enter Username and Password" prompt in XAUTH request.

Found the issue. Problem was in configuration of the IPSec IKEV1 connection profiles under:

Remote Access VPN>Network (Client) Access IPSec Connection profiles.

In the profile config under Advanced>IPsec>IKE Authentication.

We had to uncheck the setting SEND "Enter Username and Password" prompt in XAUTH request.

4 REPLIES 4
Rising star

Re: ASA EasyVPN with Secure unit authentication amber light

I want to make sure your question receives the attention it deserves and has the best visibility. Did you intend to post to the Project Squared space in the Collaboration Community or to the Security Community?

I can move this post to the appropriate space - please reply with your instructions.

Thank you.

Kelli Glass

Moderator for Cisco Customer Communities

Beginner

Re: ASA EasyVPN with Secure unit authentication amber light

Hi,

I actually had it posted already in the public facing community for Security/VPN. I haven’t seen a response so far. If that post is enough, then I guess this one can be removed. Just trying to get an answer to the post as I haven’t seen a response for 2 days.

Regards,

Bill

Rising star

Re: ASA EasyVPN with Secure unit authentication amber light

Bill,

You posted to the Cisco Support Community, which is a good place for you to post for feedback and information.

I'll move this thread to the Security Community and will try to find a Cisco expert to respond to your question. The URL will remain the same.

Kelli

Beginner

Re: ASA EasyVPN with Secure unit authentication amber light

Found the issue. Problem was in configuration of the IPSec IKEV1 connection profiles under:

Remote Access VPN>Network (Client) Access IPSec Connection profiles.

In the profile config under Advanced>IPsec>IKE Authentication.

We had to uncheck the setting SEND "Enter Username and Password" prompt in XAUTH request.

Found the issue. Problem was in configuration of the IPSec IKEV1 connection profiles under:

Remote Access VPN>Network (Client) Access IPSec Connection profiles.

In the profile config under Advanced>IPsec>IKE Authentication.

We had to uncheck the setting SEND "Enter Username and Password" prompt in XAUTH request.