
VPN and IPSEC

TheStressFactor

IS-IT--Management
Sep 24, 2002
229
US
Hello All,

Quick question...with the Cisco VPN 3.6 you have to enter a group name and password as you all know. I was wondering if I can configure individual usernames rather than one group username in case someone leaves or is terminated. Can this be done when using the Cisco VPN client and IPsec?

Any help or advice would be greatly appreciated.
 
Hi.

You can use certificates instead.
You can install certificate services on an internal W2K server, and then deploy certificates to the pix and to the VPN clients.
I have not done it in production yet, but if you follow the documentation and after establishing pre-share VPN, it should be possible.

That way, you can revoke a certificate when needed.

Are you using xauth in addition?
Using xauth as second authentication is recommended in either case.
That way when you disable a user account on the Windows domain and/or RADIUS server, even if the user has a valid pre-share key/certificate it will fail the second authentication.

But anyway, I think that multiple vpngroups are possible. I just didn't try to verify this.

Bye
Yizhar Hurwitz
 
Yizhar..thank you...I will try xauth...any good articles on configuring this?
 
Hi Yiz,

Sorry, could not find anything when I did the search. Any other suggestions or good places to look?
 
Thanks Yizhar..I also found some great documentation on Microsoft's and Cisco's sites. I want to roll this out on the weekend so I will let you know how it goes.

Thanks again.
 
I'm running xauth for radius, using Cisco's sample documentation at
I'm using multiple vpngroups as well. Each one has its own key (no PKI...yet) and has different security definitions (for example, my employees get to see a lot of servers, my consultants get to see the one server they are allowed on). Also, my wireless stuff doesn't use split tunneling (I'm doing VPN over wireless off of a separate interface).

Works pretty well overall, I'd say. And the users get to use the same login and password as the domain.
 
Hi,
I am also trying to set up VPN access using that document. The following is the error I am receiving on the client side. Any ideas????


18 12:54:50.739 02/28/03 Sev=Warning/3 IKE/0xE3000061
The XAUTH authentication failed.

19 12:54:50.850 02/28/03 Sev=Warning/3 DIALER/0xE3300015
GI VPN start callback failed "CM_IKE_ESTABLISH_FAILED_AUTH" (19h).
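
Added example, not part of the thread and not Cisco's code: a small Python parser for the VPN client log format quoted in the post above, which groups each header line with its message and picks out the authentication-failure records. The stage labels `xauth-user` and `tunnel-setup` are names chosen for this example, and the sample input is the two records from the post.

```python
import re
from datetime import datetime

# Header: <seq> <HH:MM:SS.mmm> <MM/DD/YY> Sev=<name>/<level> <component>/<event id>
HEADER = re.compile(
    r"^(?P<seq>\d+)\s+(?P<time>\d\d:\d\d:\d\d\.\d{3})\s+(?P<date>\d\d/\d\d/\d\d)\s+"
    r"Sev=(?P<sev>\w+)/(?P<level>\d+)\s+(?P<component>\w+)/(?P<event>0x[0-9A-Fa-f]+)$"
)

def parse_records(text):
    """Attach each free-text message line to the header line that precedes it."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            rec = m.groupdict()
            stamp = rec.pop("date") + " " + rec.pop("time")
            rec["when"] = datetime.strptime(stamp, "%m/%d/%y %H:%M:%S.%f")
            rec["seq"], rec["level"] = int(rec["seq"]), int(rec["level"])
            rec["message"] = ""
            records.append(rec)
        elif line and records:
            records[-1]["message"] = (records[-1]["message"] + " " + line).strip()
    return records

def auth_failures(records):
    """Return (seq, component, event, stage); the stage labels are this example's own."""
    hits = []
    for r in records:
        msg = r["message"].upper()
        if "XAUTH" in msg and "FAILED" in msg:
            stage = "xauth-user"      # second step: user login checked by the AAA server
        elif "FAILED_AUTH" in msg:
            stage = "tunnel-setup"    # client-side summary that the connection was refused
        else:
            continue
        hits.append((r["seq"], r["component"], r["event"], stage))
    return hits

# Sample input: the two records quoted in the post above.
SAMPLE = """\
18 12:54:50.739 02/28/03 Sev=Warning/3 IKE/0xE3000061
The XAUTH authentication failed.
19 12:54:50.850 02/28/03 Sev=Warning/3 DIALER/0xE3300015
GI VPN start callback failed "CM_IKE_ESTABLISH_FAILED_AUTH" (19h).
"""

if __name__ == "__main__":
    print(auth_failures(parse_records(SAMPLE)))
```

An XAUTH failure is logged only after the group name and key have been accepted, so records tagged `xauth-user` point at the user credentials or the RADIUS side rather than the group password.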
 