Working even if missing some commands - VPNclient

Discussion in 'Cisco' started by AM, Jun 1, 2006.

  1. AM

    AM Guest

    Hi to all

    a VPNclient works fine to an 877-SEC-K9 even if the following commands are not present

    aaa authentication login userauthen local
    aaa authorization network groupauthor local
    !
    aaa session-id common

    I thought they were essential for the VPNclient to connect.
    Certainly I am wrong, but I don't know why and where.

    TIA,
    Alessandro
    AM, Jun 1, 2006
    #1

  2. AM

    Vikas Guest

    Hello,

    These are the AAA configuration options for local database and will
    only be required if you are using user authentication with VPN client:

    crypto map <yourmap> client authentication list userauthen
    crypto map <yourmap> isakmp authorization list groupauthor

    If the above two commands are there then you would require the AAA
    configuration commands.

    If you do not have these two commands the VPN client will not prompt
    the user for a username and password and only the group preshared key
    will do the authentication. Little security problem tho.

    Check this configuration out:
    http://www.cisco.com/en/US/partner/...s_configuration_example09186a00801c4246.shtml
    This is for
    Configuring Cisco VPN Client 3.x for Windows to IOS Using Local
    Extended Authentication


    AM wrote:
    > Hi to all
    >
    > a VPNclient works fine to an 877-SEC-K9 even if the following commands are not present
    >
    > aaa authentication login userauthen local
    > aaa authorization network groupauthor local
    > !
    > aaa session-id common
    >
    > I thought they were essential for the VPNclient to connect.
    > Certainly I am wrong, but I don't know why and where.
    >
    > TIA,
    > Alessandro
    Vikas, Jun 2, 2006
    #2

  3. AM

    AM Guest

    Vikas wrote:
    > Hello,
    >
    > These are the AAA configuration options for local database and will only be required if you are using user authentication with VPN client
    > crypto map <yourmap> client authentication list userauthen
    > crypto map <yourmap> isakmp authorization list groupauthor
    > If the above two commands are there then you would require the AAA configuration commands.
    >
    > If you do not have these two commands the VPN client will not prompt the user for a username and password and only the group preshared key will do the authentication. Little security problem tho.


    That's not true, because each time I connect to the router it uses both the group and user authorization.

    Maybe those commands are present in the router by default?

    > Check this configuration out:
    > http://www.cisco.com/en/US/partner/...s_configuration_example09186a00801c4246.shtml


    Thanks,

    alex.
    AM, Jun 5, 2006
    #3
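
An added example, not part of any post in this thread: a Python check over a saved running-config that ties the two `crypto map ... list` lines quoted above to the AAA method lists they name, and flags maps with no `client authentication list` line. The sample config, the map name `clientmap` and the function name `audit` are constructed for illustration.

```python
import re

# Constructed sample running-config fragment (not taken from the thread).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login userauthen local
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
"""

# Global AAA method-list definitions: (list type, list name).
AAA_RE = re.compile(r"^aaa (authentication login|authorization network) (\S+)", re.M)
# Crypto map lines that reference a method list: (map, reference type, list name).
REF_RE = re.compile(
    r"^crypto map (\S+) (client authentication|isakmp authorization) list (\S+)", re.M)
# Any global crypto map line, used to enumerate map names.
MAP_RE = re.compile(r"^crypto map (\S+) ", re.M)

# AAA list type that each crypto map reference depends on.
NEEDS = {"client authentication": "authentication login",
         "isakmp authorization": "authorization network"}


def audit(config):
    """Return a list of findings for one running-config text."""
    defined = set(AAA_RE.findall(config))
    refs_by_map = {}
    findings = []
    # 1. Every referenced list must have a matching AAA definition.
    for cmap, ref, name in REF_RE.findall(config):
        refs_by_map.setdefault(cmap, set()).add(ref)
        if (NEEDS[ref], name) not in defined:
            findings.append(
                f"{cmap}: {ref} list '{name}' has no matching 'aaa {NEEDS[ref]} {name}'")
    # 2. Report maps that carry no user-authentication (XAUTH) list line.
    for cmap in sorted(set(MAP_RE.findall(config))):
        if "client authentication" not in refs_by_map.get(cmap, set()):
            findings.append(f"{cmap}: no 'client authentication list' configured")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print(line)
```

The check only covers global `crypto map` lines as quoted in the thread; method lists referenced from other places in a config are outside its scope.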