[fw-wiz] Different Authentication For vpngroups On PIX
From: Mike Bydalek (mbydalek_at_contentconnections.com)
To: firstname.lastname@example.org Date: Thu, 15 Sep 2005 10:09:10 -0700
Currently we have a PIX 515E with a vpngroup setup to use AAA via.
radius. What I'm trying to do is create a second vpngroup that doesn't
use AAA (yes, I know what I'm doing and have valid reasons ;) ). What's
happening is that when I take out my line crypto map line of:
crypto map outside_map client authentication freeradius
and add the following lines to my vpngroup I want to authenticate:
vpngroup myauthgroup authentication-server freeradius
vpngroup myauthgroup user-authentication
people in myauthgroup are able to authenticate with no client
authentication. The Cisco VPN client just let's them connect as long as
their group password is correct.
I may be completely wrong, but isn't that what "user-authentication" is
supposed to do? I've looked in the Cisco documentation and don't see
anything really explaining the authentication-server and
I've seen some mentions of it being done, but I haven't seen any
configuration examples to compare with.
The PIX Version is 6.3(4).
Thanks in advance for pointing me in the right direction.
firewall-wizards mailing list