You can store your XAUTH password in /etc/crets if you do not use NetworkManager and if you're not using a one time token: # Might also need _exact_ ike= and esp= lines # Commonly needed to talk to Cisco server This is mostly a mirror image of the server side Assuming that your office servers behind this VPN server uses 10.231.246.0/24, you would add the following iptables rules
#CISCO IPSEC VPN CLIENT AGGRESSIVE MODE CONFIGURE 2900 FULL#
In this example, the IP pool is 10.231.247.0/24 so on the VPN server you would need to provide some NAT rules if you wish to offer full internet connectivity through the VPN. # exclude networks used on server side by adding %v4:!a.b.c.0/24 Server nf for XAUTH/RSA # libreswan /etc/nf configuration file The password can also contain a one time password (OTP) such as Google Authenticator Apart from the X.509 authentication, XAUTH also requires a username and password. In this scenario, libreswan is configured with an IP address pool, and it assigns an IP to connecting clients. It can be deployed using a group shared key (PSK) or X.509 certificates. These days, IKEv1 / XAUTH is the most commonly used IPsec connection method. Blackberry devices also do not support this method. Notably, Microsoft Windows does not support XAUTH natively. Microsoft Windows using a third party client such as the Cisco client, or the free Shrew Soft client.
![cisco ipsec vpn client aggressive mode configure 2900 cisco ipsec vpn client aggressive mode configure 2900](https://www.firewall.cx/images/stories/cisco-routers-s2s-ipsec-vpn-1.png)
Linux with NetworkManager or commandline.
![cisco ipsec vpn client aggressive mode configure 2900 cisco ipsec vpn client aggressive mode configure 2900](https://1.bp.blogspot.com/-R3E9PajiVyo/U6ZdHJN5tYI/AAAAAAAABS8/PWQnMV4m7Do/s1600/ez4.jpg)
![cisco ipsec vpn client aggressive mode configure 2900 cisco ipsec vpn client aggressive mode configure 2900](https://www.cisco.com/c/dam/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/81824-common-ipsec-trouble-8.gif)