Working even if missing some commands - VPNclient

Working even if missing some commands - VPNclient

Post by AM » Sat, 03 Jun 2006 00:31:58


Hi to all

a VPNclient works fine to an 877-SEC-K9 even if the following commands are not present

aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common

I thought they were essential for the VPNclient to connect.
Certainly I am wrong, but I don't know why and where.

TIA,
Alessandro
 
 
 

Working even if missing some commands - VPNclient

Post by Vika » Sat, 03 Jun 2006 18:11:16

Hello,

These are the AAA configuration options for local database and will
only be required if you are using user authentication with VPN client
crypto map <yourmap> client authentication list userauthen
crypto map <yourmap> isakmp authorization list groupauthor
If the above two commands are there then you would require the AAA
configuration commands.

If you do not have these two commands the VPN client will not prompt
the user for a username and password and only the group preshared key
will do the authentication. Little security problem tho.

Check this configuration out:
http://www.yqcomputer.com/
This is for
Configuring Cisco VPN Client 3.x for Windows to IOS Using Local
Extended Authentication

 
 
 

Working even if missing some commands - VPNclient

Post by AM » Tue, 06 Jun 2006 19:45:45


> crypto map <yourmap> isakmp authorization list groupauthor

That's not true, because each time I connect to the router it uses both the group and user authorization.

Maybe are those commands there present in the router by default?


Thanks,

alex.