Configure Cisco Easy VPN Remote for Access Routers
Task 4 – (optional) initiate the VPN tunnel (XAUTH)

Task 4 is also optional. If XAUTH is not being used, then skip this task.

With XAUTH configured, the VPN tunnel must be initiated manually, for at least the first time. The Cisco IOS software message shown in Figure is displayed because the software is waiting for a valid XAUTH username and password. This message will be displayed whenever an administrator logs in to the remote router console port.

Step 1 Enter the crypto ipsec client ezvpn xauth command.
Step 2 Enter the username and password as prompted.

Which of two options happens next is determined by the XAUTH configuration:

  • With just the XAUTH feature enabled, when the SA expires, the username and password must be re-entered manually. This process is ongoing. The same Cisco IOS message will be displayed and the user will have to repeat this manual process to re-authenticate each time.
  • With the XAUTH password save enabled, when the SA expires, the last valid username and password will be reused automatically. This option is the more popular of the two.