Correct. When you use local, you will not be prompted.
Whether it is local, interactive or http-intercept, it just goes the EzVPN server and then server decides on whether to authenticate using radius or local depending on the config. With regards Kings On Thu, Sep 30, 2010 at 11:34 AM, Johan Bornman <[email protected]> wrote: > Ok, so with: > > crypto ipsec client ezvpn EZCLIENT > > connect manual > > group REMOTE key ipexpert > > mode client > > peer XX.XX.XX.XX > > virtual-interface 1 > > username cisco password cisco > > xauth userid mode local > > > > I will not get the prompt, it will use the UN and passw configured above. > > > > When interactive is used I will get a prompt and I can either use a local > username and password or go to a radius box, depending on the tunnel-group > configuration. > > > > *From:* Kingsley Charles [mailto:[email protected]] > *Sent:* 30 September 2010 07:45 AM > > *To:* Johan Bornman > *Cc:* OSL Security > *Subject:* Re: [OSL | CCIE_Security] EASY VPN Client > > > > Radius authentication is irrelevant to xauth mode. The interactive mode, is > where you will be promoted for username/password on the terminal. With http, > you need browse across the IOS router doing EzVPN client after which you get > the portal promting for username/password. Even with http-intercept > configured, you can still see xauth prompt on the terminal > > > router2(config-crypto-ezvpn)#xauth userid mode ? > http-intercept Intercept user's HTTP requests to prompt > interactive Prompt the user on the console > > With regards > Kings > > On Thu, Sep 30, 2010 at 9:35 AM, Johan Bornman <[email protected]> wrote: > > Hi, > > > > I have a question about xauth userid mode interactive. Does the > interactive part of the command “push” the authentication to the radius > server – local will obviously use the local username and password. > > > > Thanks > > > > Johan > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
