Firewall Wizards mailing list archives
Re: Different Authentication For vpngroups On PIX
From: Mike Bydalek <mbydalek () contentconnections com>
Date: Thu, 22 Sep 2005 10:20:53 -0700
Paul Melson wrote:
-----Original Message----- Subject: [fw-wiz] Different Authentication For vpngroups On PIXCurrently we have a PIX 515E with a vpngroup setup to use AAA via. radius. What I'm trying to do is create a second vpngroup that doesn't...Nope, vpngroup user-authentication is only for forcing individual per-IP authentication for clients behind a another PIX or VPN3K configured inclient mode.
Ah, thank you for clearing this up as I wasn't aware of that.
I'm not sure you can even do what you propose. I think it's 1 crypto map per interface, 1 client auth method per crypto map until you get to PIX OS 7.x on the ASA class firewalls (where you set this up like a VPN3K). Either way, your crypto map must specify what type of client XAUTH it will use. If it doesn't specify, then no XAUTH is used and it only checks vpngroup/password to allow access. That's what's happening to you now.
This makes sense.Let me then take this and change my question a little. What I am trying to do is have a server automatically VPN in, backup some files, and then disconnect. In order to do this, one of the options is storing the user/pass on the server (not the best idea in the world, but if I have to, I have to). So, what would then be the best way to setup for this scenario?
Thank you, Mike Bydalek _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Different Authentication For vpngroups On PIX Paul Melson (Oct 05)
- Re: Different Authentication For vpngroups On PIX Mike Bydalek (Oct 05)
- RE: Different Authentication For vpngroups On PIX Paul Melson (Oct 06)
- Re: Different Authentication For vpngroups On PIX Mike Bydalek (Oct 05)