Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
704
Views
0
Helpful
1
Replies

can local group be used for remote user authentication ?

Go to solution
bapatsubodh
Level 1
Level 1

‎11-16-2005 05:19 AM - edited ‎02-21-2020 10:13 AM

hi,

Can I use local user databease created on PIX as an authentication method for remote access VPN clients. When tried to do using PDM following error was shown

"Local group is not supported for remote user auth.of an easy vpn remote client. Please select another auth. server group."

Snapshot of PIX is attached herewith.

This snap shot is from :following menu.

configuration ---> VPN ---> remote access--> cisco vpn client ---> select the group ---> edit --> advanced -->

Is there is another way , that can I use local data base from PIX itself to authenticate users coming from outside world from VPN client.

Labels:
Preview file
135 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jackko
Level 7
Level 7

‎11-16-2005 02:38 PM

no doubt that pix is able to authenticate remote vpn user against its local database.

below are the sample codes:

access-list 101 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0

access-list 120 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0

nat (inside) 0 access-list 101

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp identity address

isakmp nat-traversal 20

crypto ipsec transform-set vpnset esp-3des esp-md5-hmac

ip local pool ippool 10.1.1.11-10.1.1.21

vpngroup vpnclient address-pool ippool

vpngroup vpnclient idle-time 1800

vpngroup vpnclient dns-server 139.130.4.4

vpngroup vpnclient password cisco456

vpngroup vpnclient split-tunnel 120

crypto dynamic-map dynmap 10 set transform-set vpnset

crypto map remote_vpn 20 ipsec-isakmp dynamic dynmap

username cisco password cisco123

aaa-server LOCAL protocol local

crypto map remote_vpn client authentication LOCAL

crypto map remote_vpn client configuration address initiate

crypto map remote_vpn client configuration address respond

View solution in original post

0 Helpful
1 Reply 1

Go to solution
jackko
Level 7
Level 7

‎11-16-2005 02:38 PM

no doubt that pix is able to authenticate remote vpn user against its local database.

below are the sample codes:

access-list 101 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0

access-list 120 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0

nat (inside) 0 access-list 101

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp identity address

isakmp nat-traversal 20

crypto ipsec transform-set vpnset esp-3des esp-md5-hmac

ip local pool ippool 10.1.1.11-10.1.1.21

vpngroup vpnclient address-pool ippool

vpngroup vpnclient idle-time 1800

vpngroup vpnclient dns-server 139.130.4.4

vpngroup vpnclient password cisco456

vpngroup vpnclient split-tunnel 120

crypto dynamic-map dynmap 10 set transform-set vpnset

crypto map remote_vpn 20 ipsec-isakmp dynamic dynmap

username cisco password cisco123

aaa-server LOCAL protocol local

crypto map remote_vpn client authentication LOCAL

crypto map remote_vpn client configuration address initiate

crypto map remote_vpn client configuration address respond

0 Helpful
Customers Also Viewed These Support Documents