[fw-wiz] Different Authentication For vpngroups On PIX

From: Mike Bydalek (mbydalek_at_contentconnections.com)
Date: 09/15/05

    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 15 Sep 2005 10:09:10 -0700
    
    

    Hello,

    Currently we have a PIX 515E with a vpngroup set up to use AAA via
    RADIUS. What I'm trying to do is create a second vpngroup that doesn't
    use AAA (yes, I know what I'm doing and have valid reasons ;) ). What's
    happening is that when I take out my crypto map line of:

        crypto map outside_map client authentication freeradius

    and add the following lines to my vpngroup I want to authenticate:

        vpngroup myauthgroup authentication-server freeradius
        vpngroup myauthgroup user-authentication

    people in myauthgroup are able to authenticate with no client
    authentication. The Cisco VPN client just lets them connect as long as
    their group password is correct.

    I may be completely wrong, but isn't that what "user-authentication" is
    supposed to do? I've looked in the Cisco documentation and don't see
    anything really explaining the authentication-server and
    user-authentication.

    I've seen some mentions of it being done, but I haven't seen any
    configuration examples to compare with.

    The PIX Version is 6.3(4).

    Thanks in advance for pointing me in the right direction.

    -Mike
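
A defensive check for the situation described in the message, as an added example that is not part of the original post: this Python script reads a PIX 6.x configuration dump and lists every vpngroup that, going by the behaviour reported above, can connect with the group password alone. The `noauthgroup` name and the sample configuration are constructed, and the finding texts reflect the poster's observation on 6.3(4), not Cisco documentation.

```python
import re

# Constructed sample: the two vpngroup lines from the post plus a
# hypothetical second group ("noauthgroup"); passwords are masked.
SAMPLE_CONFIG = """\
vpngroup myauthgroup authentication-server freeradius
vpngroup myauthgroup user-authentication
vpngroup myauthgroup password ********
vpngroup noauthgroup password ********
"""

# Map-wide Xauth line, e.g. "crypto map outside_map client authentication freeradius"
XAUTH_RE = re.compile(r"^crypto map (\S+) client authentication (\S+)\s*$")
# Any per-group option, e.g. "vpngroup myauthgroup user-authentication"
GROUP_RE = re.compile(r"^vpngroup (\S+) (\S+)")


def audit_pix_vpn_auth(config_text):
    """Return (xauth_maps, findings) for a PIX 6.x configuration dump."""
    xauth_maps = {}  # crypto map name -> AAA server tag
    groups = {}      # vpngroup name -> set of option keywords seen
    for raw in config_text.splitlines():
        line = raw.strip()
        m = XAUTH_RE.match(line)
        if m:
            xauth_maps[m.group(1)] = m.group(2)
            continue
        m = GROUP_RE.match(line)
        if m:
            groups.setdefault(m.group(1), set()).add(m.group(2))

    findings = []
    if not xauth_maps:  # no map-wide Xauth: judge each group on its own lines
        for name in sorted(groups):
            if "user-authentication" in groups[name]:
                reason = ("only per-group user-authentication is set; "
                          "the post reports no client prompt in this case")
            else:
                reason = "group password is the only credential"
            findings.append((name, reason))
    return xauth_maps, findings


if __name__ == "__main__":
    for group, reason in audit_pix_vpn_auth(SAMPLE_CONFIG)[1]:
        print(f"{group}: {reason}")
```
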

