Re: Different Authentication For vpngroups On PIX

[Mike Bydalek <mbydalek () contentconnections com>]

Paul Melson wrote:

> -----Original Message-----
> Subject: [fw-wiz] Different Authentication For vpngroups On PIX
>
>  
>
> > Currently we have a PIX 515E with a vpngroup setup to use AAA via. 
> > radius.  What I'm trying to do is create a second vpngroup that doesn't
> >    
> >
> > ...
> Nope, vpngroup user-authentication is only for forcing individual per-IP
> authentication for clients behind a another PIX or VPN3K configured in
> client mode. 
>  
Ah, thank you for clearing this up as I wasn't aware of that.

> I'm not sure you can even do what you propose.  I think it's 1 crypto map
> per interface, 1 client auth method per crypto map until you get to PIX OS
> 7.x on the ASA class firewalls (where you set this up like a VPN3K).
>
> Either way, your crypto map must specify what type of client XAUTH it will
> use.  If it doesn't specify, then no XAUTH is used and it only checks
> vpngroup/password to allow access.  That's what's happening to you now.
>  

This makes sense.

Let me then take this and change my question a little.  What I am trying 
to do is have a server automatically VPN in, backup some files, and then 
disconnect.  In order to do this, one of the options is storing the 
user/pass on the server (not the best idea in the world, but if I have 
to, I have to).  So, what would then be the best way to setup for this 
scenario?

Thank you,
Mike Bydalek
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards