07-22-2009 09:56 AM - edited 03-11-2019 08:58 AM
Hi
I have a PIX 506E with 6.3(5) and wanted to know if I can configure VPN client with group and user authentications. I know I can configure just group authentication so users dont have to use the password everytime they try to connect. However I am also looking for second level of user authentication so I dont have to change the group password everytime a user leave the organization.
I configured this on a PIX and ASA units with newer versions but I cannot find the commands for 6.3(5)
I see commands below related to this
vpngroup <group_name> secure-unit-authentication
vpngroup <group_name> authentication-server <server_tag>
vpngroup <group_name> user-authentication
When I configure
vpngroup <group_name> user-authentication
I get the message
"Please configure an authentication server before enabling user authentication"
And when I add the below, I cannot configure for LOCAL authentication and accept only TACACS+ and RADIUS
vpngroup <group_name> authentication-server <server_tag>
So I am not sure if I can configure second level user authentication on this version.
Thanks
07-22-2009 10:28 AM
can you post the output of "show aaa"
07-22-2009 06:22 PM
when I do sh aaa, I just see aaa proxy-limit 16. I have not configured anything with aaa specifically. But I see this below in the config as default.
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
07-23-2009 12:11 PM
can someone advise on this please?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide