02-21-2012 03:30 AM
Hi,
Does anyone know if it is possible to enable Xauth on pix. I have read multiple threads about using the following cmds:
username test123password testing privilege 2
aaa-server LOCAL protocol local
crypto map mycrypto client authentication LOCAL
However the f/w wont let me add the crypto map cmd, just comes back with the following:
PIX(config)# c.rypto map mycryptomap client authenication LOCAL
Usage: [ show ] crypto { ca | dynamic-map | ipsec | isakmp | map | sa } ...
show crypto engine [verify]
[ show | clear ] crypto interface [counters]
Being pix I cant get anymore help from it. I also tried the following, but they dont work and I am not sure if they are meant for Xauth since I was under the impression that it had to be enabled globally.
PIX(config)# vpngroup test authentication-server LOCAL
Protocol "local" is not supported for authentication of remote users of a h/w client
PIX(config)# vpngroup test user-authentication
Please configure an authentication server before enabling user authentication.
This is the details of the f/w:
Cisco PIX Firewall Version 6.3(5)
Cisco PIX Device Manager Version 3.0(4)
Hardware: PIX-506E, 32 MB RAM, CPU Pentium II 300 MHz
Flash E28F640J3 @ 0x300, 8MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
This PIX has a Restricted (R) license.
Has anyone encountered this problem or know how to fix it? Everything I read on Internet and past threads suggests that the crypto map cmd should work, so cant understand why the firewall wont take it.
Thanks
02-21-2012 06:14 AM
Remove the AAA server configuration and try entering the command on the crypto map. Also, you don't need to specify an authentication-server group in the vpngroups
02-21-2012 06:29 AM
Here is a link below from Cisco Docs, guide you all the steps of the way.
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/basclnt.html
thanks
Rizwan Rafeek
04-03-2012 09:14 AM
I gave up on this, after trying everything could never get to work. Was easier and better for my sanity to upgrade to an ASA
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide