Hi,
You need "isakmp ikev1-user-authentication none" under "tunnel-group myGROUP ipsec-attributes". It is advisable to have another group for Easy VPN peers and not mix them with users if you use XAUTH - the latter is used for user authentication while IKE is used for device authentication.
On Mar 26, 2008, at 13:01, William wrote:
Hi, I have a setup which consists of a IOS based router connecting to a ASA5500 firewall device. I've got it working in network extension mode but it requires user interaction on the router, heres a cut from the log: *Mar 3 02:50:28.823: EZVPN(EASYVPN): Pending XAuth Request, Please enter the following command: *Mar 3 02:50:28.823: EZVPN: crypto ipsec client ezvpn xauth For the tunnel to be established you have to do `crypto ipsec client ezvpn xauth` from the CLI and enter a username and password. Is there any way I can get around doing the above? I dont want the user to have to enter that, just turn on&go. EasyVPN config looks like: crypto ipsec client ezvpn EASYVPN connect auto group mytunnel key mykey mode network-extension peer mypeer username myusername password mypassword ASA: group-policy myGROUP attributes password-storage enable split-tunnel-policy tunnelspecified split-tunnel-network-list value ezvpn1 nem enable I was under the impression that 'password-storage enable' would do the trick but I still have to enter the password. Any help would be appreciated. Regards, W _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
HTH Kaj -- Kaj J. Niemi <[EMAIL PROTECTED]> +358 45 63 12000
_______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
