Hi group, I just did a mini lab scenario where I setup Remote Access IOS EZVPN Server using ACS for authentication and authorization. No ISAKMP Client Group config's were in IOS...they were all on ACS. Pretty much everything was straight forward, but one thing struck me as a bit weird. For the ISAKMP Client Group to work, I had to create a user with the same name of the group (not that weird I guess), and then I had to specify that this user's password be "cisco" (very weird) even though to authenticate the group I have to use the group password and not "cisco" in the IPSec VPN client. I looked everywhere in my IOS and ACS config's, and I didn't see anything where "cisco" could have been referenced. If I change this user's password to anything other than "cisco", everything breaks. This wasn't the XAUTH user either...that was a different one in the default group.
Is this just something to remember to do to make this configuration work, or can anyone provide a little more background info about it? Please let me know if more information is needed. Thanks, Jason
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
