Firewall Wizards mailing list archives

Different Authentication For vpngroups On PIX


From: Mike Bydalek <mbydalek () contentconnections com>
Date: Thu, 15 Sep 2005 10:09:10 -0700

Hello,

Currently we have a PIX 515E with a vpngroup set up to use AAA via RADIUS. What I'm trying to do is create a second vpngroup that doesn't use AAA (yes, I know what I'm doing and have valid reasons ;) ). What's happening is that when I take out my crypto map line of:

   crypto map outside_map client authentication freeradius

and add the following lines to my vpngroup I want to authenticate:

   vpngroup myauthgroup authentication-server freeradius
   vpngroup myauthgroup user-authentication

people in myauthgroup are able to authenticate with no client authentication. The Cisco VPN client just lets them connect as long as their group password is correct.

I may be completely wrong, but isn't that what "user-authentication" is supposed to do? I've looked in the Cisco documentation and don't see anything really explaining the authentication-server and user-authentication.

I've seen some mentions of it being done, but I haven't seen any configuration examples to compare with.

The PIX Version is 6.3(4).

Thanks in advance for pointing me in the right direction.

-Mike