Re: [fw-wiz] Different Authentication For vpngroups On PIX
From: Mike Bydalek (mbydalek_at_contentconnections.com)
To: email@example.com Date: Thu, 22 Sep 2005 10:20:53 -0700
Paul Melson wrote:
>Subject: [fw-wiz] Different Authentication For vpngroups On PIX
>>Currently we have a PIX 515E with a vpngroup setup to use AAA via.
>>radius. What I'm trying to do is create a second vpngroup that doesn't
>Nope, vpngroup user-authentication is only for forcing individual per-IP
>authentication for clients behind a another PIX or VPN3K configured in
Ah, thank you for clearing this up as I wasn't aware of that.
>I'm not sure you can even do what you propose. I think it's 1 crypto map
>per interface, 1 client auth method per crypto map until you get to PIX OS
>7.x on the ASA class firewalls (where you set this up like a VPN3K).
>Either way, your crypto map must specify what type of client XAUTH it will
>use. If it doesn't specify, then no XAUTH is used and it only checks
>vpngroup/password to allow access. That's what's happening to you now.
This makes sense.
Let me then take this and change my question a little. What I am trying
to do is have a server automatically VPN in, backup some files, and then
disconnect. In order to do this, one of the options is storing the
user/pass on the server (not the best idea in the world, but if I have
to, I have to). So, what would then be the best way to setup for this
firewall-wizards mailing list