
Remote access IPSec VPN with RADIUS authentication

ashraf.ali
Level 1

Hello,

I have a scenario of IPSec VPN Client establishing IPSec VPN sessions with a PIX Firewall authenticating the clients with a RADIUS server. I tried doing this with a local IP address pool configured in the PIX, assigning IP addresses for the clients. It worked. Can I have a client getting authenticated from a RADIUS server and getting an IP assigned to it from the RADIUS server? With this I can account for the accessibility of the users and restrict access internally based on the IP address.

All these I can do if I can tie an IP address to a user ID in the RADIUS server. Above all, it should work in this IPSec VPN setup.

Is there anybody who has had some experience with this kind of setup?

Please reply.

Thanks

regards,

Ashraf

2 Replies

gfullage
Cisco Employee

No, you can't assign an IP address from the RADIUS server, only from a local pool. This feature has been discussed and will probably appear in a later PIX release, but for the moment there's no way around it and no way to tie a specific IP address to a specific VPN user. Sorry.

Once an IP address from the address pool on a 3000 VPN Concentrator has been given out to the remote user, how do you know what that address is from looking in the syslog? In other words, what setting in the Configuration > System > Events > Classes is needed to see that IP? I can get the user's ISP address in syslog, but can't figure out how to match the user to the IP handed out by the address pool.