01-25-2006 06:47 AM
I have a strange problem I just want to clarify. I have enabled client mode VPN with xauth. The client router asks for xauth and the server is configured with the save password command. The client router prompted once for username and password, then the client mode VPN is up and running. As per the documentation, when xauth is enabled and the users try to access the server side LAN, the users should be prompted for username and password. But it doesn't happen that way. Could anyone please tell me why and how to get this working? Or is this the way it works? I am really confused about it.
sebastan
01-26-2006 04:46 PM
Hi Sebastan,
If xauth is configured for http-intercept then the user is presented with a login window when they start an HTTP connection to the remote site. Alternatively the user can log in interactively at the router CLI.
In your case what is the config of the xauth, the line that reads: "xauth userid mode"?
01-26-2006 11:47 PM
Hi John, in my case the xauth userid states local. Do I have to set it up to http interactive? And one more thing I wanted to know: should the save password feature be enabled on both the client and the VPN server router? I am not sure of this. Please guide me on this. Thank you.
sebastan
01-28-2006 04:17 AM
Hi Sebastan,
Usually I use "xauth userid mode local" if I want the client to connect automatically; the user will not be prompted since the username and password are entered in the config. In this case your config would look something like this:
connect auto
group xyz key xyz
mode client
peer a.b.c.d
username xyz password xyz
xauth userid mode local
Enter the "group" and key if you are using groups on the server. The "username" "password" is the username and password saved on the server. "xauth userid mode local" tells the client to use the "username" and "password" in the client config.
Use the http interactive if the user is connecting from home.
01-29-2006 05:32 AM
Hi John, thanks for your reply. You mean to say that with the xauth userid mode set to local, the client router won't ask for a password when it connects to the server; it takes the user and password from the config you just described. For this to work, I read somewhere that both the client and server routers need to have the save password command. Am I right? I have one more query: can a user who is connected to the client router get a user prompt while connecting to the VPN server? Is it possible? Please reply, and thanks for all your help on this, John.
sebastan
01-30-2006 12:21 PM
Hi Sebastan,
Yes, if you use "xauth userid mode local" the client will connect automatically using the username and password from the config. You also have to enter the username and password on the server and configure the server to authenticate the user using the local database. What are you using for the VPN server: router, PIX or VPN concentrator? For the user to be prompted to authenticate you will have to use the following config:
connect manual
group xyz key xyz
mode client
peer a.b.c.d
xauth userid mode http-intercept
With this example the user will have to start a web session to authenticate.
Hope this helps
regards
John
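Added example, not part of the thread or of Cisco's documentation: a small audit script that reads Easy VPN client profiles and reports whether xauth is answered by a person or by credentials saved in the config, which is the difference between the two configs above. The `crypto ipsec client ezvpn <name>` header lines, the profile names, the peer address 192.0.2.1 and the `interactive` keyword for the CLI login are assumptions; the sub-commands are the ones quoted in the posts.

```python
import re

# Constructed sample: two Easy VPN client profiles built from the sub-commands
# quoted in the thread. Profile names, peer and credentials are placeholders.
SAMPLE_CONFIG = """\
crypto ipsec client ezvpn BRANCH-AUTO
 connect auto
 group xyz key xyz
 mode client
 peer 192.0.2.1
 username xyz password xyz
 xauth userid mode local
!
crypto ipsec client ezvpn BRANCH-PROMPT
 connect manual
 group xyz key xyz
 mode client
 peer 192.0.2.1
 xauth userid mode http-intercept
!
"""

HEADER = re.compile(r"^crypto ipsec client ezvpn (\S+)\s*$")

def parse_profiles(config_text):
    """Return {profile: {"connect", "xauth_mode", "stored_credentials"}}."""
    profiles, current = {}, None
    for line in config_text.splitlines():
        header = HEADER.match(line)
        if header:
            current = profiles.setdefault(header.group(1), {
                "connect": None, "xauth_mode": None, "stored_credentials": False})
        elif not line.startswith(" "):
            current = None  # any unindented line ends the profile block
        elif current is not None:
            words = line.split()
            if words[:1] == ["connect"] and len(words) == 2:
                current["connect"] = words[1]
            elif words[:3] == ["xauth", "userid", "mode"] and len(words) == 4:
                current["xauth_mode"] = words[3]
            elif words[:1] == ["username"] and "password" in words[2:]:
                current["stored_credentials"] = True
    return profiles

def audit(config_text):
    """Map each profile to True when a person, not the saved config, answers xauth."""
    return {name: p["xauth_mode"] in ("http-intercept", "interactive")
                  and not p["stored_credentials"]
            for name, p in parse_profiles(config_text).items()}
```

Calling `audit(SAMPLE_CONFIG)` flags BRANCH-AUTO as a profile where no user behind the client router is ever asked to authenticate.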
01-31-2006 01:47 AM
Hi John, thanks for your help, buddy. My scenario is like this: subnet 10.1.1.0/24 is behind the Easy VPN server; it's a router connected to a router and then to an Easy VPN client router. Now in client mode the Easy VPN client router connects to the Easy VPN server router and the tunnel is up. Now I want a user sitting on the subnet behind the Easy VPN client to be prompted for username and password while accessing the web server on the Easy VPN server subnet. It's nice to discuss issues with you, John. My email address is sebastan.bach@gmail.com , sebastan_bach@yahoo.com
what's ues. Hope to get in touch with you.
sebastan