
PIX VPN local Xauth?

jboyer
Level 1

I tried to configure VPN with Xauth using local authentication on 6.2 code and couldn't get it to work. Has anyone found a way to do this? Is it planned for future releases? This PIX is only authenticating a handful of users and RADIUS/TACACS+ is overkill; I just want to enter a few username/password combinations in the config.

5 Replies

greg.l.owens
Level 1

I have used it and it works great; however, I would still use RADIUS. MS makes a RADIUS server that is included with Advanced Server and the Win NT Option Pack.

I have a customer that we set up VPN for on a PIX 515 to work with Cisco's Secure Client 1.1. The customer would like to add authentication to their VPN. They have only about 5 salespeople who use this VPN access. They run a Novell environment with no Microsoft servers. They have no RADIUS servers. I was told by a Cisco engineer in the spring of 2002 that the new 6.x version of software would include local Xauth. If this is true, how (or what) are the commands? I have to upgrade their current code (5.3).

The new 6.2 does include local Xauth, but not for VPN. Perhaps you should go back and talk to that engineer to find out when, if ever, local Xauth will be supported for VPN authentication. Otherwise you will need some type of RADIUS server, as you mentioned you have none.

Kurtis Durrett

jeff.roback
Level 1

Pix doesn't support local XAUTH authentication. I'd guess it won't be included in future code, since this is a "sell-up" to the concentrators....but who knows!

However, you can use any Windows 2000 Server on your network to authenticate via Internet Authentication Service.

See the technote on CCO here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

Thanks Jeff, that is kinda what I thought. This client's environment is all NT4 still and I know there is a MS Radius server, but that isn't practical in this situation. Local Xauth on the pix seems like a simple solution though. You may be right in the thinking that Cisco doesn't want to give it too much functionality and hurt the concentrator sales. I think sometimes Cisco's thinking is always big companies/big networks, they don't realize that someone would want to connect just a handful of VPN users to a pix.