July 8, 2010

Cisco VPN 3000 XAUTH Configuration


Example 4-1. Cisco IOS XAUTH Configuration on the IPSec Gateway

hostname vpn-gw1-east
!
! Local user database; these accounts are what XAUTH checks
username ezvpn password 0 east
username ezvpn1@vpngroup password 0 ezvpn1east
username ezvpn2@vpngroup password 0 ezvpn2east
!
! AAA method lists named "vpn", both backed by the local database
aaa new-model
aaa authentication login vpn local
aaa authorization network vpn local
aaa session-id common
ip subnet-zero
!
! IKE phase 1 policy: 3DES, pre-shared key, DH group 2
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp keepalive 10 10
!
! IPsec transform set and dynamic map for remote clients
crypto ipsec transform-set vpn esp-3des esp-sha-hmac
crypto dynamic-map dynamic 1
 set transform-set vpn
 reverse-route remote-peer
!
! Crypto map "vpn": the first line enables XAUTH using login list "vpn"
crypto map vpn client authentication list vpn
crypto map vpn isakmp authorization list vpn
crypto map vpn client configuration address respond
crypto map vpn 3 ipsec-isakmp dynamic dynamic

The addition of the following command on the crypto map enables XAUTH and triggers the XAUTH transaction after IKE phase 1 and before IKE phase 2:

crypto map map-name client authentication list list-name
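
An added example, not part of the original post or of Cisco's documentation: a Python check that the list named on the crypto map's client authentication list command is a login method list the configuration actually defines, as it is in Example 4-1. The helper name audit_xauth and the sample configuration with its misspelled list name are constructed for illustration.

```python
import re

# Constructed sample: the XAUTH-related lines of Example 4-1, with the
# "client authentication list" line pointing at a misspelled list name.
BROKEN = """\
aaa new-model
aaa authentication login vpn local
aaa authorization network vpn local
username ezvpn password 0 east
crypto map vpn client authentication list vpnn
crypto map vpn isakmp authorization list vpn
crypto map vpn 3 ipsec-isakmp dynamic dynamic
"""

PATTERNS = {
    "login": r"aaa authentication login (\S+)",
    "network": r"aaa authorization network (\S+)",
    "xauth": r"crypto map (\S+) client authentication list (\S+)",
    "authz": r"crypto map (\S+) isakmp authorization list (\S+)",
    "dynmap": r"crypto map (\S+) \d+ ipsec-isakmp dynamic \S+",
    "clear_pw": r"username (\S+) password 0 ",
}

def audit_xauth(config):
    """Return findings about how XAUTH is wired up (hypothetical helper)."""
    hits = {name: [] for name in PATTERNS}
    for line in config.splitlines():
        for name, pat in PATTERNS.items():
            m = re.match(pat, line.strip())
            if m:
                hits[name].append(m.groups())
    findings = []
    if "aaa new-model" not in [l.strip() for l in config.splitlines()]:
        findings.append("aaa new-model missing: AAA method lists require it")
    login = {g[0] for g in hits["login"]}
    network = {g[0] for g in hits["network"]}
    xauth = dict(hits["xauth"])  # crypto map name -> login list name
    for (cmap,) in hits["dynmap"]:
        if cmap not in xauth:
            findings.append(f"crypto map {cmap}: no client authentication list, XAUTH not enabled")
        elif xauth[cmap] not in login:
            findings.append(f"crypto map {cmap}: login list '{xauth[cmap]}' is not defined")
    for cmap, lst in hits["authz"]:
        if lst not in network:
            findings.append(f"crypto map {cmap}: network authorization list '{lst}' is not defined")
    for (user,) in hits["clear_pw"]:
        findings.append(f"username {user}: type 0 password is stored in cleartext")
    return findings
```

Running audit_xauth over a saved running-config before deployment reports a crypto map that accepts remote clients without XAUTH, or one that names a method list that does not exist.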
