Task 11 – (optional) Enable XAUTH save password feature
Cisco Easy VPN Remote uses one of three available authentication
methods:
No XAUTH – When no XAUTH is used, there is no authentication for the user
when establishing the VPN tunnels. This is the least secure practice when
configuring and using Cisco Easy VPN Remote.
XAUTH with no password save feature – This is better than no XAUTH, but it
requires that users re-enter the password each time they need to establish the
VPN tunnel. This may occur several times in one VPN session. Although this is
the most secure form of authentication for Cisco Easy VPN Remote, it is also
the most bothersome to users.
XAUTH with password save feature – Using the password save function, users
need only enter their password once when establishing the VPN tunnel. After
that, the Cisco Easy VPN Remote automatically re-enters the password when
required.
Enabling the XAUTH save password feature is an optional step. When
configured, it allows the Easy VPN Remote to save and reuse the last validated
username and password for reauthentication. This means that a user no longer
needs to re-enter the information manually. This step could have been done
earlier, in Step 1 of Task 4, while performing the crypto isakmp
client configuration group command.
Use the
save-password command in ISAKMP group configuration mode as
shown in Figure
. This command
has no arguments or keywords.
NOTE:
Please note that the save password feature must be configured for both
the Cisco Easy VPN Server and the Cisco Easy VPN Remote.
Lab
Exercise: Configure Remote Access Using Cisco Easy VPN
In this lab,
students will learn to enable policy lookup via authentication, authorization,
and accounting (AAA). Students will then define group policy information for
mode configuration push. Students will also configure and verify the IPSec
transforms and crypto maps. Students will also learn to install and configure
the Cisco VPN Client 4.0 or later, and then use the VPN Client to connect to
the corporate Intranet.
Lab
Exercise: Configure Cisco Easy VPN Server with NAT
In this lab, students
will first verify the Easy VPN Server configuration. Students will learn to
configure and modify PAT using both SDM and CLI. Students will also test remote
connectivity.