09-11-2003 05:29 PM - edited 02-21-2020 10:08 AM
Can someone tell me all the options for authenticating VPN users on the PIX (515e v6.31)? I don't see any way to do local user authentication based on the VPN client.
I know of the following options:
AAA using Tacacs
AAA using Radius
VPN Group with local password
Thanks,
Greg
09-11-2003 05:50 PM
What do you mean by "local user authentication based on the VPN client"? If you mean each user has a unique username and password, that was introduced in PIX OS 6.2 (maybe 6.3).
09-11-2003 06:06 PM
Yes, I mean that. In the normal Cisco IOS context you normally have like TACACS and local authentication choices, so thanks for that bit of information! I will look into how to configure that. Just trying to figure out all the options so we can select one to use.
Thanks,
Greg
09-11-2003 10:04 PM
Introduced in 6.3, you would do:
crypto map
username
You can have as many username/password entries as you like.
09-12-2003 05:34 AM
Any idea how to configure the VPN Client with the username and password for authentication since it only accepts the Group and CA Certificate options?
Thanks,
Greg
09-12-2003 06:22 AM
Hi Greg,
You do not need to configure username and password within the client. Once the client tries to connect the user will be prompted to enter username and password. Only put in groupname and grouppassword and you'll be fine.
Kind regards,
Leo
09-12-2003 02:34 PM
Okay, so this provides even more authentication? You have to use the VPN Group and then you could also authenticate each user in addition to that?
Sounds like you have to use the VPN Group or a certificate at all times?
Thanks,
Greg
09-12-2003 05:07 PM
Correct, user authentication is a 2nd level of authentication. You don't actually have to do it (just don't add in the two commands I mentioned previously), and then the client will get in simply with having the correct group name/password or certificate.
I would always use user authentication though, considering the group name/password or cert is stored on the PC all the time. If that PC gets stolen and you have no user authentication set up, the thief has open access into your network. The group name/password or cert authenticate the PC that is connecting, whereas the extra user authentication authenticates the person sitting at that PC.
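For readers who want to see the two truncated commands from the earlier reply in context, here is a minimal PIX 6.3 configuration fragment that combines a VPN group (authenticating the PC) with per-user local authentication (authenticating the person), as recommended above. This is an added example, not a config posted by anyone in the thread; the group name, username, passwords, pool name, address range and crypto map name are constructed placeholders, and the fragment assumes the rest of the IPsec/ISAKMP setup (isakmp policy, transform set, crypto map interface binding) is already in place.

```text
! Added example (not from the thread): PIX 6.3 remote-access VPN with
! group authentication plus per-user local (xauth) authentication.
! All names, passwords and addresses are constructed placeholders.

! LOCAL is the predefined local user database on the PIX.
aaa-server LOCAL protocol local

! One entry per person; this is the "username" command referred to above.
username greg password USER-PASSWORD-PLACEHOLDER privilege 2

! Address pool handed to connecting clients.
ip local pool vpnpool 10.10.10.1-10.10.10.50

! The VPN group: this name/password is what gets stored on the PC.
vpngroup remoteusers address-pool vpnpool
vpngroup remoteusers password GROUP-PASSWORD-PLACEHOLDER

! Push an address to the client, then require a per-user login against
! the local database; this is the "crypto map" command referred to above.
crypto map vpnmap client configuration address initiate
crypto map vpnmap client authentication LOCAL
```

With `client authentication LOCAL` present, the VPN Client still only needs the group name and password configured; the username/password prompt appears at connect time. Removing that single line returns the PIX to group-only (or certificate-only) authentication, which is the case the reply above warns about for a stolen laptop. To move the same users to TACACS+ or RADIUS later, the `crypto map ... client authentication` line would point at that `aaa-server` group instead of LOCAL.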