Cisco Easy VPN Remote uses one of three available authentication
methods:
- No XAUTH – When no XAUTH is used, there is no authentication for the user
when establishing the VPN tunnels. This is the least secure practice when
configuring and using Cisco Easy VPN Remote.
- XAUTH with no password save feature – This is better than no XAUTH, but it
requires that users re-enter the password each time they need to establish the
VPN tunnel. This may occur several times in one VPN session. Although this is
the most secure form of authentication for Cisco Easy VPN Remote, it is also
the most bothersome to users.
- XAUTH with password save feature – Using the password save function, users
need only enter their password once when establishing the VPN tunnel. After
that, the Cisco Easy VPN Remote automatically re-enters the password when
required.
Enabling the XAUTH save password feature is an optional step. When
configured, it allows the Easy VPN Remote to save and reuse the last validated
username and password for reauthentication. This means that a user no longer
needs to re-enter the information manually. This step could have been done
earlier, in Step 1 of Task 4, while performing the crypto isakmp
client configuration group command.
Use the
save-password command in ISAKMP group configuration mode as
shown in Figure
. This command
has no arguments or keywords.
 |
NOTE:
Please note that the save password feature must be configured for both
the Cisco Easy VPN Server and the Cisco Easy VPN Remote.
|