12-15-2014 12:59 PM
We have a VPN setup with EasyVPN with a requirement of secure unit authentication. We are having intermittent issues with it. Sometimes the client ASA will boot up and appears to attempt negotiate the VPN connection. Other times, it comes up fine and the credentials can be entered to connect. I also noticed that when we tried user authentication, the Cisco phone behind the ASA would never work, even though we had it's mac address in the bypass list on the client ASA. If someone has an example configuration, would appreciate it. Since it works sometimes, I wouldn't think a firewall would be blocking the connection. It's like the client ASA attempts to establish the VPN tunnel even though it doesn't have a username configured for the tunnel. Only the username for the VPN group is configured. Any help is appreciated.
Solved! Go to Solution.
12-17-2014 11:40 AM
Found the issue. Problem was in configuration of the IPSec IKEV1 connection profiles under:
Remote Access VPN>Network (Client) Access IPSec Connection profiles.
In the profile config under Advanced>IPsec>IKE Authentication.
We had to uncheck the setting SEND "Enter Username and Password" prompt in XAUTH request.
Found the issue. Problem was in configuration of the IPSec IKEV1 connection profiles under:
Remote Access VPN>Network (Client) Access IPSec Connection profiles.
In the profile config under Advanced>IPsec>IKE Authentication.
We had to uncheck the setting SEND "Enter Username and Password" prompt in XAUTH request.
12-15-2014 01:11 PM
I want to make sure your question receives the attention it deserves and has the best visibility. Did you intend to post to the Project Squared space in the Collaboration Community or to the Security Community?
I can move this post to the appropriate space - please reply with your instructions.
Thank you.
Kelli Glass
Moderator for Cisco Customer Communities
12-15-2014 01:16 PM
Hi,
I actually had it posted already in the public facing community for Security/VPN. I haven’t seen a response so far. If that post is enough, then I guess this one can be removed. Just trying to get an answer to the post as I haven’t seen a response for 2 days.
Regards,
Bill
12-15-2014 01:27 PM
Bill,
You posted to the Cisco Support Community, which is a good place for you to post for feedback and information.
I'll move this thread to the Security Community and will try to find a Cisco expert to respond to your question. The URL will remain the same.
Kelli
12-17-2014 11:40 AM
Found the issue. Problem was in configuration of the IPSec IKEV1 connection profiles under:
Remote Access VPN>Network (Client) Access IPSec Connection profiles.
In the profile config under Advanced>IPsec>IKE Authentication.
We had to uncheck the setting SEND "Enter Username and Password" prompt in XAUTH request.
Found the issue. Problem was in configuration of the IPSec IKEV1 connection profiles under:
Remote Access VPN>Network (Client) Access IPSec Connection profiles.
In the profile config under Advanced>IPsec>IKE Authentication.
We had to uncheck the setting SEND "Enter Username and Password" prompt in XAUTH request.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide