09-27-2010 05:13 AM
We are replacing a Cisco VPN 3030 Concentrator with a Cisco ASA 5550. We are not going to use SSL VPN. We are only going to use IPSec VPN. We have 2 types of IPSec VPN clients in the field: software VPN clients (Ver: 5.0.05) and hardware VPN clients, which are ASA 5505 (configured with Easy VPN).
I am able to configure & test software vpn client by configuring connection profiles, group policies etc with our new vpn concentrator (ASA 5550).
I am not able to configure & test the hardware VPN client (ASA 5505) with the Cisco ASA 5550 being the VPN concentrator. It should be noted that the Easy VPN hardware client is configured as NEM (network extension mode) and the users sitting behind the hardware VPN client authenticate to the RSA SecurID server using RSA tokens.
It is the authentication part which is not working as expected. I am able to establish the VPN tunnel between the EZvpn client and VPN Concentrator. The easy vpn group name / password and user name / password are stored locally on the VPN Concentrator. But the users sitting behind hardware vpn are not able to authenticate to the RSA server. Instead they are authenticating to local database.
I want to configure the vpn concentrator (ASA 5550) in such a way that the hardware vpn client should authenticate to local database of vpn concentrator but the users sitting behind should be able to authenticate to RSA secure ID server using RSA tokens.
This is the way it is configured on our old VPN Concentrator (Cisco 3030) today. Hardware clients being VPN 3002.
I am not able to find any documents on Cisco’s web site which explain our scenario. Will need help in configuring the VPN concentrator.
10-26-2010 10:08 AM
Hi,
I see this thread is quite old but unanswered.
Did you get a reply for this?
Do you refer to authenticating the username as part of xauth, or authenticating users over an established VPN tunnel?
Let me know which feature it was on VPN concentrator and I'll try to dig up parity feature.
Marcin
10-26-2010 10:16 AM
Hi Marcin,
I did not get a response from anyone. However, I did open a TAC case with Cisco, and after doing a lot of research we found out that we are hitting bug id "CSCtf79521". They requested me to put in a PER (Product Enhancement Request), which I already did, but nothing has been done so far.
Dharmendra
10-26-2010 11:11 AM
Dharmendra,
Did you already make contact with your account team on the Cisco side to start prioritizing this?
This is an enhancement request and the business unit is not going to integrate this unless there is a business case built for it.
Marcin
10-26-2010 11:56 AM
Yes we are working with our account manager to prioritize this request.
Ds