Learn how to a build a cloud-first strategyRegister Now


migrating VPN user name and passwords

Posted on 2007-10-01
Medium Priority
Last Modified: 2010-04-09
I am migrating from a pix 515 to an ASA 5520. I was wondering if there is an easy way to move the vpn users? Or do I have to get each one to call me to set up a new password? Thanks in advance
Question by:wilsj
  • 2
  • 2
LVL 36

Expert Comment

ID: 19991030
It depends on how you are performing the authentication.
On the PIX you normally have different vpngroups which have a password assign to them. These can simply be copied across from one config to the other.

You then also normally use Xauth aswell which is where the vpn client pops up a window asking for your username and password. This is tied into local users frated on the pix, or a radius or tacacs authentication server.
Either way you can just copy across the local users to configure the ASA to use the same authentication server.

Author Comment

ID: 19991070
I am using authentication LOCAL. So all users are on the firewall. I kinda confused about just copying the users over because the passwords are encrypted.
LVL 36

Accepted Solution

grblades earned 2000 total points
ID: 19991109
The fact that the passwords are encrypted does not matter as the ASA/PIX itself will encrypt the password supplied by the connecting client and match it to the encrypted version of the password stored in the configuration.

Its just a way of stopping the passwords being listed in an easily human readable way whenever you show the configuration.

Author Comment

ID: 19991163
thanks for the help it worked fine.

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question