Re: [OSL | CCIE_Security] EASY VPN Client

Wed, 29 Sep 2010 23:17:01 -0700 

Thanks!

 

From: Kingsley Charles [mailto:[email protected]] 
Sent: 30 September 2010 08:09 AM
To: Johan Bornman
Cc: OSL Security
Subject: Re: [OSL | CCIE_Security] EASY VPN Client

 

Correct.

When you use local, you will not be prompted.

Whether it is local, interactive or http-intercept, it just goes the EzVPN
server and then server decides on whether to authenticate using radius or
local depending on the config.


With regards
Kings

On Thu, Sep 30, 2010 at 11:34 AM, Johan Bornman <[email protected]> wrote:

Ok, so with:

crypto ipsec client ezvpn EZCLIENT

     connect manual

     group REMOTE key ipexpert

     mode client

     peer XX.XX.XX.XX

     virtual-interface 1

           username cisco password cisco

           xauth userid mode local

 

I will not get the prompt, it will use the UN and passw configured above.

 

When interactive is used I will get a prompt and I can either use a local
username and password or go to a radius box, depending on the tunnel-group
configuration. 

 

From: Kingsley Charles [mailto:[email protected]] 
Sent: 30 September 2010 07:45 AM


To: Johan Bornman
Cc: OSL Security
Subject: Re: [OSL | CCIE_Security] EASY VPN Client

 

Radius authentication is irrelevant to xauth mode. The interactive mode, is
where you will be promoted for username/password on the terminal. With http,
you need browse across the IOS router doing EzVPN client after which you get
the portal promting for username/password. Even with http-intercept
configured, you can still see xauth prompt on the terminal



router2(config-crypto-ezvpn)#xauth userid mode ?
  http-intercept  Intercept user's HTTP requests to prompt
  interactive     Prompt the user on the console

With regards
Kings

On Thu, Sep 30, 2010 at 9:35 AM, Johan Bornman <[email protected]> wrote:

Hi,

 

I have a question about xauth userid mode interactive. Does the interactive
part of the command "push" the authentication to the radius server - local
will obviously use the local username and password.

 

Thanks

 

Johan

 


_______________________________________________
For more information regarding industry leading CCIE Lab training, please
visit www.ipexpert.com

 

 


_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Reply via email to