Bill,First I would recommend that you upgrade the code. Secondly this command tells it to check the radius account for the user it is logging into. So you should be able to define within IAS what privilege level a user should have within its accoun...

If you wish the firewall to actually change the destination ip within each packet then use the alias command.

yes its doable and its called port redirection. Use the static command and specify port 80. Also if you want the request to look like they are all going to the pix then specify the interface within the static command. For example:static (inside,o...

yes it is already an encrypted tunnel using esp, then you are authenticated using the group name and password. if you want to prove it hook up a sniffer and see if you can see the group name/pass sent plain text, which you wont.

ok...then you can use nat0 to allow this traffic as long as its not to routable ip space (ie the internet). So use the nat0 to override your static statements. If you get a chance post your config and i will tell you why its not working.