Re: easy VPN remote + xauth, but without user intervention?

rogelioalvez · ‎09-30-2009

Hello everybody:

I have an opportunity to deploy an ASA (EZvpn server) in the central site and many 800 (EZvpn remote) in the remote sites (these devices with dynamic IP address on their external interfaces).

I would like to follow the idea (based on xauth) suggested in http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080809222.shtml because it would let me configure a different user/passwd to each remote device.

Otherwise, I would be forced to define a wildcard preshared key for all the remote devices.

But the configuration example of the aforementioned URL, IMHO, is not realistic for a real world installation, since it asks the remote users to log into the router, type an IOS command, and enter username/password each time the device needs to be connected.

At least in my case, the best I can ask from the remote users is to unplug the power cable and plug it on again :o)

Then my question is: Â¿is it possible to have eazyVPN remote to use xauth but preconfigure username/password so when the challenge comes from the central site the device can respond on its own without any user intervention???

Thanks a lot in advance, Rogelio

rgonzalch · ‎10-09-2009

Yes it is possible at least on routers.

You have to configure save password comand on the vpn server see the next link to get an idea.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6660/ps6808/deployment_guide_c07_458259_ns855_Networking_Solutions_White_Paper.html

rgonzalch · ‎10-09-2009

and if you want the tunnel always up use connect auto command with this every time when you want some challenge from central site it is possible coz the tunnel is always up.