04-19-2005 04:23 AM
Hi
I have a question: Is it possible to configure local authorization for the remote clients (IPSec VPN, PPTP) on PIX 515E with software 6.3(1)?
I would like to have it in order to avoid RADIUS installation or buying ACS.
Maybe it is possible to do with 7.0.1 software.
Thanks in advance for any help.
Best
04-20-2005 12:26 AM
hi michal,
local authorization is possible with pix 6.3... you can have a look at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#wp1157343
look for the command aaa authorization... you can have either LOCAL or TACACS authorization.. RADIUS is not an option !!!!
hope this helps.. all the best..
Raj
04-20-2005 04:14 AM
Hi Raj
Sorry, I should qualify my question.
I would like to configure a Cisco PIX firewall without a RADIUS authentication server so that clients can establish a VPN connection based on local authorization. In addition, local authorization should be used to issue an access control list (ACL) name to be used to control what resources the individual VPN client is able to access. There is a new feature in 7.0 software: Tunnel Groups, Group Policies etc., but I haven't tested it yet. Maybe somebody has some experience with it.
04-20-2005 05:08 AM
Hi michal
I don't think it's possible locally with 6.3... am not really sure about v7.0.. you can open a TAC case with Cisco and find this out....
Raj
05-08-2005 08:09 AM
Hi,
Yes, local authorization is supported on PIX 6.3 version.
You can define them in several steps:
1. Define an IP local pool for assigning IP addresses to remote VPN users.
2. Define an access-list for VPN terminations.
3. Define nat (inside) 0 access-list name
4. Define an access-list for split tunneling.
5. Define isakmp and ipsec policies.
6. Define VPN users via the vpngroup command.
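The six steps above written out as a PIX 6.3 configuration, added here as an illustration and not the poster's own config. The addresses (10.1.1.0/24 inside, 192.168.100.0/24 client pool), the names (vpnpool, nonat, split, vpnusers, ESP-3DES-SHA, dynmap, vpnmap) and the use of a local username for XAUTH are all assumptions; lines starting with ! are annotations, not commands.

```text
! Step 1: address pool handed to remote VPN clients (constructed range)
ip local pool vpnpool 192.168.100.1-192.168.100.50

! Step 2/3: traffic between inside LAN and VPN clients must not be NATed
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list nonat

! Step 4: split tunnel - only the inside LAN goes through the tunnel
access-list split permit ip 10.1.1.0 255.255.255.0 192.168.100.0 255.255.255.0

! Step 5: ISAKMP phase 1 and IPsec phase 2 policy for remote clients
sysopt connection permit-ipsec
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set ESP-3DES-SHA
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
crypto map vpnmap interface outside

! Step 6: group definition for the VPN client (group password = pre-shared key)
vpngroup vpnusers address-pool vpnpool
vpngroup vpnusers dns-server 10.1.1.10
vpngroup vpnusers split-tunnel split
vpngroup vpnusers idle-time 1800
vpngroup vpnusers password <group-preshared-key-placeholder>

! Per-user XAUTH against the local database instead of RADIUS (assumed setup)
aaa-server LOCAL protocol local
username michal password <user-password-placeholder> privilege 0
crypto map vpnmap client authentication LOCAL
```

Note that with LOCAL authentication every user in the group shares the same network access; the per-user acl=acl_ID assignment described later in the thread comes from a RADIUS server, which this configuration deliberately does not use.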
11-02-2006 02:25 PM
Without aaa is there anyway to apply an acl to inbound VPN clients?
The example from 8-16 Cisco PIX Firewall and VPN Configuration Guide:
Step 6 Create access lists that define the services the VPN clients are authorized to use. The RADIUS server
returns this access list ID to enable authorization.
Note: Configure the authentication server with the vendor-specific acl=acl_ID identifier to specify the
access-list ID. In this example, the access-list ID is 100. The entry in the authentication server
would then be acl=100.