topic PIX VPN client user authentication in Network Security

PIX VPN client user authentication

techtips03 — Mon, 11 Mar 2019 15:58:06 GMT

I have a PIX 506E with 6.3(5) and wanted to know if I can configure VPN client with group and user authentications. I know I can configure just group authentication so users dont have to use the password everytime they try to connect. However I am also looking for second level of user authentication so I dont have to change the group password everytime a user leave the organization.

I configured this on a PIX and ASA units with newer versions but I cannot find the commands for 6.3(5)

I see commands below related to this

vpngroup <group_name> secure-unit-authentication

vpngroup <group_name> authentication-server <server_tag>

vpngroup <group_name> user-authentication

When I configure

vpngroup <group_name> user-authentication

I get the message

"Please configure an authentication server before enabling user authentication"

And when I add the below, I cannot configure for LOCAL authentication and accept only TACACS+ and RADIUS

vpngroup <group_name> authentication-server <server_tag>

So I am not sure if I can configure second level user authentication on this version.

Thanks

Re: PIX VPN client user authentication

srue — Wed, 22 Jul 2009 17:28:36 GMT

can you post the output of "show aaa"

Re: PIX VPN client user authentication

techtips03 — Thu, 23 Jul 2009 01:22:12 GMT

when I do sh aaa, I just see aaa proxy-limit 16. I have not configured anything with aaa specifically. But I see this below in the config as default.

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

Re: PIX VPN client user authentication

techtips03 — Thu, 23 Jul 2009 19:11:35 GMT

can someone advise on this please?