Cisco ASA 5505: is it possible to create a VPN PRESHARED without it authenticating with the local user?

vnon3luv701
Level 1

Hi, 

Under my ASA in local there isn't any user and we don't want to create one. We want everyone in our small office to have a preshared key and a tunnel group, and that's it; we don't want it to authenticate with the local user because we have none.

Each time I try to connect with VPN client, after entering the tunnel group and the preshared key it will ask me for a username and password which is referring to a local user which we don't have. 

Any input? Thank you. 


   

4 Replies

Philip D'Ath
VIP Alumni

You can't stop the username/password prompt.  You could just create a dummy user that everyone uses.

Hello,

I am not sure if this helps, but if you don't want your AnyConnect users (assuming that AnyConnect is what your VPN clients are using) to be prompted, you might consider configuring SBL (Start Before Logon)...

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1/configure-vpn.html#ID-1428-000000d7

SBL does not remove the username/password prompt.

I guess the only way to remove it would be to go to a full certificate deployment. This is definitely not something you would want to do if the effort of creating a user account is already too much.

I found a config from a friend that helped with the setup; it no longer asks for a username and password. Not sure exactly which command field, but I'm assuming isakmp ikev1-user-authentication none?

group-policy name internal
group-policy name attributes
 dns-server value 192.168.10.2
 dhcp-network-scope 172.25.25.0
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value name_splitTunnelAcl
 default-domain value name.local
tunnel-group name type remote-access
tunnel-group name general-attributes
 default-group-policy name
 dhcp-server 192.168.10.2
tunnel-group name ipsec-attributes
 pre-shared-key fkjfh89ue
 isakmp ikev1-user-authentication none
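
An audit check for the setting discussed in this thread, as an added example (not code from any poster or from Cisco): it parses a saved ASA configuration and lists the remote-access tunnel groups where "isakmp ikev1-user-authentication none" leaves the group pre-shared key as the only credential. It matches the command syntax exactly as posted above; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration fragment (not taken from a real device).
SAMPLE_CONFIG = """\
tunnel-group OFFICE type remote-access
tunnel-group OFFICE general-attributes
 default-group-policy OFFICE
tunnel-group OFFICE ipsec-attributes
 pre-shared-key *****
 isakmp ikev1-user-authentication none
tunnel-group STAFF type remote-access
tunnel-group STAFF ipsec-attributes
 pre-shared-key *****
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key *****
"""

# Matches "tunnel-group NAME type TYPE" or "tunnel-group NAME SECTION-attributes".
HEADER = re.compile(r"^tunnel-group (\S+) (type (\S+)|(\S+)-attributes)$")

def parse_tunnel_groups(config):
    """Return {name: {"type": str or None, "ipsec": [ipsec-attributes sub-commands]}}."""
    groups, section = {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue  # forum pastes often carry blank lines between commands
        m = HEADER.match(raw.rstrip())
        if m:
            entry = groups.setdefault(m.group(1), {"type": None, "ipsec": []})
            if m.group(3):
                entry["type"] = m.group(3)
            section = entry["ipsec"] if m.group(4) == "ipsec" else None
        elif raw.startswith(" ") and section is not None:
            section.append(raw.strip())  # indented line inside ipsec-attributes
        else:
            section = None  # other sections and top-level commands are ignored
    return groups

def psk_only_remote_access(config):
    """Names of remote-access groups that have a PSK and user authentication set to none."""
    return [
        name for name, g in parse_tunnel_groups(config).items()
        if g["type"] == "remote-access"
        and any(c.startswith("pre-shared-key ") for c in g["ipsec"])
        and "isakmp ikev1-user-authentication none" in g["ipsec"]
    ]

if __name__ == "__main__":
    print(psk_only_remote_access(SAMPLE_CONFIG))
```
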