
EzVPN and XAUTH

reinke
Level 1

An IOS hardware client with XAUTH enabled on both client and server prompts for a username and password, which must be entered manually via CLI.

Is it possible to store the username and password locally on the hardware client, allowing the xauth phase to be completed without user intervention? Which commands have to be used on client and server?

Thanks in advance

Edgar

Accepted Solutions

gfullage
Cisco Employee

I'm assuming you have an IOS server also. The "save-password" option under the EzVPN config was added to the VPN Server in 12.3(2)T code. Note this command is configured on the SERVER, not on the client.

The client has to be running at least 12.3(4)T code to support this feature. After configuring "save-password" on the server, you will need to use the manual command on the client to build the tunnel one more time. During the following tunnel negotiation, the client is then notified that it is allowed to save the password locally. Once that is done, follow this:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_7/ftezvpnr.htm#wp1145535

If you try to store the password on the client, without it being enabled on the server, and without building the tunnel once more manually so that the client finds out about the policy change, you get an error on the client saying "Unable to save passwords" (or something like that).
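
The sequence described in the accepted answer, as an added configuration sketch that is not part of the original post or of the linked Cisco document. The group name `GROUP1`, the profile name `EZCLIENT`, the peer address, the key and the credentials are constructed placeholders.

```cisco
! --- EzVPN server (IOS 12.3(2)T or later) ---
! GROUP1 and the key are placeholders.
! save-password is the policy pushed to the client during negotiation:
! it permits the client to store its XAUTH password locally.
crypto isakmp client configuration group GROUP1
 key <group-preshared-key>
 save-password
!
! --- EzVPN hardware client (IOS 12.3(4)T or later) ---
! Step 1 (exec mode): rebuild the tunnel once, answering the XAUTH prompt
! by hand, so that the client learns the new server policy.
!   clear crypto ipsec client ezvpn
!   crypto ipsec client ezvpn xauth
!
! Step 2: only after that negotiation, store the credentials in the profile.
! Doing this earlier produces the "unable to save passwords" style error
! mentioned in the answer.
crypto ipsec client ezvpn EZCLIENT
 connect auto
 group GROUP1 key <group-preshared-key>
 mode client
 peer 192.0.2.1
 username <xauth-user> password <xauth-password>
```

The stored XAUTH password then lives in the client's configuration, so access to that configuration (console, saved copies, backups) should be restricted accordingly.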
