Firewall Wizards mailing list archives
Different Authentication For vpngroups On PIX
From: Mike Bydalek <mbydalek () contentconnections com>
Date: Thu, 15 Sep 2005 10:09:10 -0700
Hello,Currently we have a PIX 515E with a vpngroup setup to use AAA via. radius. What I'm trying to do is create a second vpngroup that doesn't use AAA (yes, I know what I'm doing and have valid reasons ;) ). What's happening is that when I take out my line crypto map line of:
crypto map outside_map client authentication freeradius and add the following lines to my vpngroup I want to authenticate: vpngroup myauthgroup authentication-server freeradius vpngroup myauthgroup user-authenticationpeople in myauthgroup are able to authenticate with no client authentication. The Cisco VPN client just let's them connect as long as their group password is correct.
I may be completely wrong, but isn't that what "user-authentication" is supposed to do? I've looked in the Cisco documentation and don't see anything really explaining the authentication-server and user-authentication.
I've seen some mentions of it being done, but I haven't seen any configuration examples to compare with.
The PIX Version is 6.3(4). Thanks in advance for pointing me in the right direction. -Mike _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Different Authentication For vpngroups On PIX Mike Bydalek (Sep 22)