Folks, I was under the impression that XAUTH is an optional feature for EzVPN. At least this is what Cisco documentation says:
< ... The second authentication step is called Extended Authentication or Xauth. In this step, the remote side (in this case the Easy VPN router) submits a username and password to the central site router. This step is the same process as that which occurs when a user of the Cisco VPN software client on a PC enters his or her username and password to activate his or her VPN tunnel. When using the router, the difference is that the router itself is being authenticated to the network, not a PC with Cisco VPN Client software. Xauth is an optional step (it can be disabled) but is normally enabled to improve security. After Xauth is successful and the tunnel comes up, all PCs behind the Easy VPN remote router have access to the tunnel. ...>

I want to disable it for faster tunnel establishment.

Router EzVPN remote ----------------- ASA EzVPN Server

The IPSEC client portion on the EzVPN remote always has the xauth line and it can't be deleted.

crypto ipsec client ezvpn TEST
 connect auto
 mode network-extension
 peer 10.0.0.1
 idletime 86400
 xauth userid mode interactive

Moreover, on the ASA acting as EzVPN server I try to disable xauth under the tunnel-group by saying "ikev1-user-authentication none" under the "ipsec-attributes" of the respective tunnel-group. It doesn't seem to have any effect. I see that the client connection tries Main mode, validates the certificate, completes Phase 1, but then it seems to get stuck in the CONF_XAUTH state, and this starts the whole thing over and over again.

Eugene
