topic vpn authentication in Network Access Control https://community.cisco.com/t5/network-access-control/vpn-authentication/m-p/231848#M3202 <P>Is there a way to allow different vpn group using different client authentication methods. eg one being LOCAL and the other one RADIUS.</P><P></P><P>Thanks</P><P>Eppie</P> Fri, 21 Feb 2020 18:09:13 GMT eppiet 2020-02-21T18:09:13Z vpn authentication https://community.cisco.com/t5/network-access-control/vpn-authentication/m-p/231848#M3202 <P>Is there a way to allow different vpn group using different client authentication methods. eg one being LOCAL and the other one RADIUS.</P><P></P><P>Thanks</P><P>Eppie</P> Fri, 21 Feb 2020 18:09:13 GMT https://community.cisco.com/t5/network-access-control/vpn-authentication/m-p/231848#M3202 eppiet 2020-02-21T18:09:13Z Re: vpn authentication https://community.cisco.com/t5/network-access-control/vpn-authentication/m-p/231849#M3204 <HTML><HEAD></HEAD><BODY><P>Hi Eppie,</P><P></P><P> As the Auth method is decided at the "Crypto map" level and not at the "vpngroup" level:</P><P></P><P>As the commands for AAA on PIX are: (using tacacs)</P><P>aaa-server TACACS+ protocol tacacs+ </P><P>aaa-server TACACS+ (inside) host 10.0.0.2 secret123 </P><P></P><P>or</P><P></P><P>aaa-server database protocol LOCAL (using local)</P><P></P><P>And then once we define the AAA commands then they are attached to the Crypto map as:</P><P></P><P>crypto map partner-map client authentication TACACS+</P><P>crypto map partner-map interface outside</P><P></P><P>or</P><P></P><P>(when using local database)</P><P>crypto map partner-map client authentication database</P><P>crypto map partner-map interface outside</P><P></P><P></P><P>So there is no way to use BOTH the LOCAL and the TACACS/RADIUS at the sametime and you can only have one or the other.</P><P></P><P>For further reading:</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/c.htm#1034654" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/c.htm#1034654</A></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/vpncl11.htm#38519" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/vpncl11.htm#38519</A></P><P></P><P></P><P>Hope this helps,</P><P>Regards,</P><P>Aamir</P><P></P><P>-=-=-</P></BODY></HTML> Sat, 31 Jan 2004 20:44:55 GMT https://community.cisco.com/t5/network-access-control/vpn-authentication/m-p/231849#M3204 awaheed 2004-01-31T20:44:55Z