Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
670
Views
0
Helpful
3
Replies

Automatic access with VPN Client?

jimontoro
Level 1
Level 1

‎07-06-2009 03:05 AM

Hello,

is possible have an automaticall access with VPN Client? I have a customer that he wants access with a VPN Client to a remote site without logging in RADIUS, LDAP, etc... Is possible?

Labels:
0 Helpful
3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

‎07-06-2009 07:42 AM

Sure you can by using isakmp parameters in tunnel attributes. On the VPN client just configure the tunnel authentication password which can be saved within the client.

If you do not want user authentication of any kind after configure your tunnel attributes for no user autentication you may use this settings.

Be aware that when using this it will apply to any RA VPN client connecting to that tunnel group, so if you only need this for the purpose of one user I would not recomment to implement it this way, you could use pcf profiles instead to save it in the VPN client which has user's password saved locally and automatically connect.

tunnel-group ipsec-attributes

isakmp ikev1-user-authentication none

Example assume tunnel group name is called RAVPN

tunnel-group RAVPN ipsec-attributes

pre-shared-key

isakmp ikev1-user-authentication none <-- will not ask for second authentication

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/i3.html#wp1842328

Regards

Jorge Rodriguez
0 Helpful

jimontoro
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎07-06-2009 12:12 PM

Thanks Jorge,

but I think that my customer prefer use pcf profiles. The user doesn't have to know the password. This must be transparent for him. How can I do it?

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to jimontoro

‎07-06-2009 02:01 PM

Jose, see password storage configuration section mid page down for PIX/ASA

Cisco VPN Client Password Storage Configuration

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml

1- on the PIX/ASA enable password storage in RA vpn attributes

group-policy VPNusers attributes

password-storage enable

2- Edit the pcf file, this file is usualy stored in the VPN software path.

ON the same link above see Cisco VPN client section.

quote from above link

Cisco VPN Client

Edit the .pcf file and modify these parameters:

SaveUserPassword=1

UserPassword=

Regards

Jorge Rodriguez
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents