Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
665
Views
0
Helpful
1
Replies

Can you create a client VPN access without requiring username/password?

Go to solution
donlin123
Level 1
Level 1

‎05-29-2008 07:18 AM - edited ‎03-11-2019 05:51 AM

My vendor wants me to create a client VPN access for them in my ASA to only use groupname/password without being prompted username/password because they have a automated script that runs at night. Can change do I need to made?

ASA 7(2)1

interface ethernet0

ip address 10.10.4.200 255.255.0.0

nameif outside

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 hash sha

isakmp policy 1 group 2

isakmp policy 1 lifetime 43200

isakmp enable outside

ip local pool testpool 192.168.0.10-192.168.0.15

username testuser password 12345678 <--Just remove one line??

crypto ipsec transform set FirstSet esp-3des esp-md5-hmac

tunnel-group testgroup type ipsec-ra

tunnel-group testgroup general-attributes

address-pool testpool

tunnel-group testgroup ipsec-attributes

pre-shared-key xxx

crypto dynamic-map dyn1 1 set transform-set FirstSet

crypto dynamic-map dyn1 1 set reverse-route

crypto map mymap 1 ipsec-isakmp dynamic dyn1

crypto map mymap interface outside

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10

‎05-29-2008 09:17 AM

Donald,

You do not need to remove any users from your local users database. Simply do as follows:

go into

tunnel-group testgroup ipsec-attributes

add this bellow statement

isakmp ikev1-user-authentication none

This will allow vpn client connecting to this particular tunnel to only authenticate through the tunnelgroup testgroup 1st authentication window and after that allow the connection in, this command applies for the tunnel itself, so it will apply for any users connecting to this tunnel, if this is not what you are trying to acomplish but for just one user you could create another tunnel group and have two diferent tunnel groups, one that requires user authentication and another tunnel that does not require users authentication.

HTH

-Jorge

Jorge Rodriguez

View solution in original post

0 Helpful
1 Reply 1

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10

‎05-29-2008 09:17 AM

Donald,

You do not need to remove any users from your local users database. Simply do as follows:

go into

tunnel-group testgroup ipsec-attributes

add this bellow statement

isakmp ikev1-user-authentication none

This will allow vpn client connecting to this particular tunnel to only authenticate through the tunnelgroup testgroup 1st authentication window and after that allow the connection in, this command applies for the tunnel itself, so it will apply for any users connecting to this tunnel, if this is not what you are trying to acomplish but for just one user you could create another tunnel group and have two diferent tunnel groups, one that requires user authentication and another tunnel that does not require users authentication.

HTH

-Jorge

Jorge Rodriguez
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card