The no-xauth enable command configures the device not to perform IKEv1 extended authentication for IKE users.
The undo no-xauth enable command cancels the configuration.
By default, the configuration of IKEv1 extended authentication of an IKE user is the same as that of an IKE peer.
In a point-to-multipoint scenario, the device functions as the headquarters gateway, an IPSec policy is created using an IPSec policy template, and the gateway receives IPSec connection setup requests of different branches. When IKEv1 extended authentication is enabled for IKE peers, IKEv1 extended authentication needs to be performed for branches that connect to the headquarters. A branch can establish an IPSec tunnel with the headquarters only when the branch is successfully authenticated. If the branch does not support IKEv1 extended authentication, the branch cannot establish an IPSec tunnel with the headquarters. To address this issue, run the no-xauth enable command to configure the device not to perform IKEv1 extended authentication for IKE users.