Working even if missing some commands - VPNclient

Discussion in 'Cisco' started by AM, Jun 1, 2006.

  1. AM

    AM Guest

    Hi to all

    a VPNclient works fine to an 877-SEC-K9 even if the following commands are not present

    aaa authentication login userauthen local
    aaa authorization network groupauthor local
    aaa session-id common

    I thought they were essential for the VPNclient to connect.
    Certainly I am wrong, but I don't know why and where.

    AM, Jun 1, 2006
    1. Advertisements

  2. AM

    Vikas Guest


    These are the AAA configuration options for local database and will
    only be required if you are using user authentication with VPN client
    crypto map <yourmap> client authentication list userauthen
    crypto map <yourmap> isakmp authorization list groupauthor
    If the above two commands are there then you would require the AAA
    configuration commands.

    If you do not have these two commands the VPN client will not prompt
    the user for a username and password and only the group preshared key
    will do the authentication. Little security problem tho.

    Check this configuration out:
    This is for
    Configuring Cisco VPN Client 3.x for Windows to IOS Using Local
    Extended Authentication
    Vikas, Jun 2, 2006
    1. Advertisements

  3. AM

    AM Guest

    That's not true, because each time I connect to the router it uses both the group and user authorization.

    Maybe are those commands there present in the router by default?

    AM, Jun 5, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.