You can only have one crypto map on an interface. When I said "MyMap", I meant the crypto map you're already using. But yes, this affects the existing Remote-access VPNs (not LAN-to-LAN VPNs). You cannot have one group of users having to authenticate ...
I'm not sure about "IKE negotiations per second", but maybe this could get you going: http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
Well, best thing to do obviously is to find another way for yourself to telnet to the pix so that you can deny access from the terminal server. Now, if a VPN user was able to sniff network traffic, and you're using telnet to get to the pix..... your...
Ah, I misread that part. You can have only one local user base. So if you can't make a separation there, you could do it using the telnet ACL. Only allow telnet via the inside interface. I see your point though, that you want to separate engineers from...
Hi,
To use local authentication for VPN users, use this in your crypto-map:
crypto map MyMap client authentication LOCAL
And then add local users with:
username password
For telnet access you can use another authentication method like tacacs+:
aaa authen...