Configure the Easy VPN Server
Task 11 – (optional) Enable XAUTH save password feature

Cisco Easy VPN Remote uses one of three available authentication methods:

  • No XAUTH – When no XAUTH is used, there is no authentication for the user when establishing the VPN tunnels. This is the least secure practice when configuring and using Cisco Easy VPN Remote.
  • XAUTH with no password save feature – This is better than no XAUTH, but it requires that users re-enter the password each time they need to establish the VPN tunnel. This may occur several times in one VPN session. Although this is the most secure form of authentication for Cisco Easy VPN Remote, it is also the most bothersome to users.
  • XAUTH with password save feature – Using the password save function, users need only enter their password once when establishing the VPN tunnel. After that, the Cisco Easy VPN Remote automatically re-enters the password when required.

Enabling the XAUTH save password feature is an optional step. When configured, it allows the Easy VPN Remote to save and reuse the last validated username and password for reauthentication. This means that a user no longer needs to re-enter the information manually. This step could have been done earlier, in Step 1 of Task 4, while performing the crypto isakmp client configuration group command.

Use the save-password command in ISAKMP group configuration mode as shown in Figure . This command has no arguments or keywords.

NOTE:

Please note that the save password feature must be configured for both the Cisco Easy VPN Server and the Cisco Easy VPN Remote.


Lab Activity

Lab Exercise: Configure Remote Access Using Cisco Easy VPN

In this lab, students will learn to enable policy lookup via authentication, authorization, and accounting (AAA). Students will then define group policy information for mode configuration push. Students will also configure and verify the IPSec transforms and crypto maps. Students will also learn to install and configure the Cisco VPN Client 4.0 or later, and then use the VPN Client to connect to the corporate Intranet.

Lab Activity

Lab Exercise: Configure Cisco Easy VPN Server with NAT

In this lab, students will first verify the Easy VPN Server configuration. Students will learn to configure and modify PAT using both SDM and CLI. Students will also test remote connectivity.