[fw-wiz] Different Authentication For vpngroups On PIX
From: Mike Bydalek (mbydalek_at_contentconnections.com)
Date: 09/15/05
- Previous message: Anand Kapoor: "[fw-wiz] ipf equivalent to Iptables Queue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com Date: Thu, 15 Sep 2005 10:09:10 -0700
Hello,
Currently we have a PIX 515E with a vpngroup setup to use AAA via.
radius. What I'm trying to do is create a second vpngroup that doesn't
use AAA (yes, I know what I'm doing and have valid reasons ;) ). What's
happening is that when I take out my line crypto map line of:
crypto map outside_map client authentication freeradius
and add the following lines to my vpngroup I want to authenticate:
vpngroup myauthgroup authentication-server freeradius
vpngroup myauthgroup user-authentication
people in myauthgroup are able to authenticate with no client
authentication. The Cisco VPN client just let's them connect as long as
their group password is correct.
I may be completely wrong, but isn't that what "user-authentication" is
supposed to do? I've looked in the Cisco documentation and don't see
anything really explaining the authentication-server and
user-authentication.
I've seen some mentions of it being done, but I haven't seen any
configuration examples to compare with.
The PIX Version is 6.3(4).
Thanks in advance for pointing me in the right direction.
-Mike
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Anand Kapoor: "[fw-wiz] ipf equivalent to Iptables Queue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
