cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
663
Views
0
Helpful
1
Replies

Can you create a client VPN access without requiring username/password?

donlin123
Level 1
Level 1

My vendor wants me to create a client VPN access for them in my ASA to only use groupname/password without being prompted username/password because they have a automated script that runs at night. Can change do I need to made?

ASA 7(2)1

interface ethernet0

ip address 10.10.4.200 255.255.0.0

nameif outside

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 hash sha

isakmp policy 1 group 2

isakmp policy 1 lifetime 43200

isakmp enable outside

ip local pool testpool 192.168.0.10-192.168.0.15

username testuser password 12345678 <--Just remove one line??

crypto ipsec transform set FirstSet esp-3des esp-md5-hmac

tunnel-group testgroup type ipsec-ra

tunnel-group testgroup general-attributes

address-pool testpool

tunnel-group testgroup ipsec-attributes

pre-shared-key xxx

crypto dynamic-map dyn1 1 set transform-set FirstSet

crypto dynamic-map dyn1 1 set reverse-route

crypto map mymap 1 ipsec-isakmp dynamic dyn1

crypto map mymap interface outside

1 Accepted Solution

Accepted Solutions

JORGE RODRIGUEZ
Level 10
Level 10

Donald,

You do not need to remove any users from your local users database. Simply do as follows:

go into

tunnel-group testgroup ipsec-attributes

add this bellow statement

isakmp ikev1-user-authentication none

This will allow vpn client connecting to this particular tunnel to only authenticate through the tunnelgroup testgroup 1st authentication window and after that allow the connection in, this command applies for the tunnel itself, so it will apply for any users connecting to this tunnel, if this is not what you are trying to acomplish but for just one user you could create another tunnel group and have two diferent tunnel groups, one that requires user authentication and another tunnel that does not require users authentication.

HTH

-Jorge

Jorge Rodriguez

View solution in original post

1 Reply 1

JORGE RODRIGUEZ
Level 10
Level 10

Donald,

You do not need to remove any users from your local users database. Simply do as follows:

go into

tunnel-group testgroup ipsec-attributes

add this bellow statement

isakmp ikev1-user-authentication none

This will allow vpn client connecting to this particular tunnel to only authenticate through the tunnelgroup testgroup 1st authentication window and after that allow the connection in, this command applies for the tunnel itself, so it will apply for any users connecting to this tunnel, if this is not what you are trying to acomplish but for just one user you could create another tunnel group and have two diferent tunnel groups, one that requires user authentication and another tunnel that does not require users authentication.

HTH

-Jorge

Jorge Rodriguez
Review Cisco Networking for a $25 gift card