Hi Eppie,
The Auth method is decided at the "Crypto map" level and not at the "vpngroup" level.
The commands for AAA on PIX are (using tacacs):
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host 10.0.0.2 secret123
or
(using local)
aaa-server database protocol LOCAL
And then, once we define the AAA commands, they are attached to the Crypto map as:
crypto map partner-map client authentication TACACS+
crypto map partner-map interface outside
or
(when using local database)
crypto map partner-map client authentication database
crypto map partner-map interface outside
So there is no way to use BOTH the LOCAL and the TACACS/RADIUS at the same time; you can only have one or the other.
For further reading:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/c.htm#1034654
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/vpncl11.htm#38519
Hope this helps,
Regards,
Aamir
-=-=-