[c-nsp] EasyVPN IOS->ASA55xx with no user interaction?
William
willay at gmail.com
Wed Mar 26 07:01:58 EDT 2008
Hi,
I have a setup which consists of a IOS based router connecting to a
ASA5500 firewall device.
I've got it working in network extension mode but it requires user
interaction on the router, heres a cut from the log:
*Mar 3 02:50:28.823: EZVPN(EASYVPN): Pending XAuth Request, Please
enter the following command:
*Mar 3 02:50:28.823: EZVPN: crypto ipsec client ezvpn xauth
For the tunnel to be established you have to do `crypto ipsec client
ezvpn xauth` from the CLI and enter a username and password.
Is there any way I can get around doing the above? I dont want the
user to have to enter that, just turn on&go.
EasyVPN config looks like:
crypto ipsec client ezvpn EASYVPN
connect auto
group mytunnel key mykey
mode network-extension
peer mypeer
username myusername password mypassword
ASA:
group-policy myGROUP attributes
password-storage enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ezvpn1
nem enable
I was under the impression that 'password-storage enable' would do the
trick but I still have to enter the password.
Any help would be appreciated.
Regards,
W
More information about the cisco-nsp
mailing list