Configure Extended Authentication

Configuring XAUTH on the Easy VPN Server for your remote VPN Clients involves the
following three steps:
Step 1 Enable AAA login authentication.
Step 2 Define AAA server IP address and encryption key.
Step 3 Enable IKE XAUTH for the crypto map.
To enable AAA login authentication, you use the aaa-server command. The syntax for this
command is as follows:
aaa-server server-tag protocol {tacacs+ | radius}
Besides enabling AAA login authentication, you need to configure the location of the AAA
server by specifying its IP address. The syntax for this variation of the aaa-server command
is as follows:
aaa-server server-tag [(if_name)] host server-ip [key][timeout seconds]
Finally, you need to enable IKE XAUTH for the crypto map that you defined, using another
variation of the crypto map command. The syntax for this command is as follows:
crypto map map-name client [token] authentication aaa-server-name
An example configuration for XAUTH that utilizes Terminal Access Controller Access
Control System Plus (TACACS+) is as follows:
pix515a(config)# aaa-server MYSERVER protocol tacacs+
pix515a(config)# aaa-server MYSERVER (inside) host 192.168.1.15 S3cr3TK3y!
pix515a(config)# crypto map MYMAP client authentication MYSERVER
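
The three steps only work together when the server tag named in the crypto map command matches a tag that has both a protocol line and a host line. The following check is an added example, not part of the original text or of any Cisco tool: it audits configuration text for that consistency. The function name audit_xauth, the OTHERMAP and NOSUCHSERVER entries, and the assumption that the input uses the same command form shown above (prompts stripped) are all hypothetical.

```python
import re

# Constructed sample: the page's three commands with prompts stripped, plus a
# crypto map (OTHERMAP) that names a server tag which is never defined.
SAMPLE_CONFIG = """\
aaa-server MYSERVER protocol tacacs+
aaa-server MYSERVER (inside) host 192.168.1.15 S3cr3TK3y!
crypto map MYMAP client authentication MYSERVER
crypto map OTHERMAP client authentication NOSUCHSERVER
"""

# One pattern per command variation given in the syntax lines above.
PROTO_RE = re.compile(r"^aaa-server (\S+) protocol (tacacs\+|radius)$")
HOST_RE = re.compile(
    r"^aaa-server (\S+)(?: \((\S+)\))? host (\S+)(?: (\S+))?(?: timeout (\d+))?$")
XAUTH_RE = re.compile(r"^crypto map (\S+) client (?:token )?authentication (\S+)$")


def audit_xauth(config_text):
    """Return a list of findings; an empty list means all three steps line up."""
    protocols, hosts, xauth_maps = {}, {}, {}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if m := PROTO_RE.match(line):
            protocols[m.group(1)] = m.group(2)
        elif m := HOST_RE.match(line):
            hosts.setdefault(m.group(1), []).append((m.group(3), m.group(4)))
        elif m := XAUTH_RE.match(line):
            xauth_maps[m.group(1)] = m.group(2)

    findings = []
    if not xauth_maps:
        findings.append("no crypto map has XAUTH enabled (step 3 missing)")
    for map_name, tag in sorted(xauth_maps.items()):
        if tag not in protocols:
            findings.append(f"{map_name}: server tag {tag} has no protocol line (step 1)")
        if tag not in hosts:
            findings.append(f"{map_name}: server tag {tag} has no host line (step 2)")
        for ip, key in hosts.get(tag, []):
            if key is None:  # the key argument is optional in the syntax
                findings.append(f"{map_name}: host {ip} for {tag} has no key")
    return findings


if __name__ == "__main__":
    for finding in audit_xauth(SAMPLE_CONFIG):
        print(finding)
```

Server tags are compared exactly as written, so a tag that differs only in case is reported as undefined.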