12-23-2003 07:26 AM
Is it possible to specify group authorisation with the Radius server on the PIX?
I can't find any info regarding this, have anyone tried it yet?
On the IOS router you can specify
aaa authorization network groupauth-name group your-radius-server-group
and all of your group parameters then can be configured on the radius.
I found that you can have the following Cisco AV-pairs downloaded from the radius:
radiusReplyItem cisco-avpair = "ipsec:addr-pool=default"
radiusReplyItem cisco-avpair = "ipsec:default-domain=viatel.com"
radiusReplyItem cisco-avpair = "ipsec:dns-servers=135.196.0.14"
radiusReplyItem cisco-avpair = "ipsec:max-users=10"
radiusReplyItem cisco-avpair = "ipsec:max-logins=1"
radiusReplyItem cisco-avpair = "ipsec:include-local-lan=1"
radiusReplyItem cisco-avpair = "ipsec:key-exchange=ike"
radiusReplyItem cisco-avpair = "ipsec:key-exchange=preshared-key"
radiusReplyItem cisco-avpair = "ipsec:timeout=10"
radiusReplyItem cisco-avpair = "ipsec:tunnel-password=xxx"
radiusReplyItem cisco-avpair = "ipsec:wins-servers="
radiusReplyItem cisco-avpair="ipsec:idletime=20"
radiusReplyItem cisco-avpair="ipsec:inacl=135
radiusReplyItem cisco-avpair = "ipsec:access-restrict=ATM5/0.101"
radiusReplyItem cisco-avpair = "ipsec:group-lock=1"
Many thanks
Oleg
12-29-2003 01:10 PM
Are you looking for something like the aaa group server radius command? The command details are given in the link below:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123tcr/123tsr/sec_a1gt.htm#1076049
12-30-2003 01:45 AM
Thanks for your reply, much appreciated!!!
The command you're referring to is used to configure the Radius server parameters on the router.
I have done that already and what I am looking for is what vpn group radius attributes (if any) we can use with the PIX.
For example: with an IOS router you can configure all group parameters on the Radius server and you don't even need to add the group on the router itself.
Here is what I have on the IOS router (837):
aaa group server radius ipvpn
server-private 10.1.1.1 auth-port 1645 acct-port 1646 key 7 xxxxx
aaa authentication login remote-837 group ipvpn
aaa authentication enable default enable
aaa authorization exec default local
aaa authorization network default none
aaa authorization network remote-837 group ipvpn
aaa session-id common
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto ipsec transform-set remote esp-3des esp-sha-hmac
!
crypto dynamic-map remote 10
set security-association idle-time 3600
set transform-set remote
!
!
crypto map 837-vpn client authentication list remote-837
crypto map 837-vpn isakmp authorization list remote-837
crypto map 837-vpn client configuration address respond
crypto map 837-vpn 10 ipsec-isakmp dynamic remote
interface ATM0.38 point-to-point
ip nat outside
pvc 0/38
ubr 256
oam-pvc manage
encapsulation aal5mux ip
!
crypto map 837-vpn
and then I have configured group account on the radius server with all the parameters that I want e.g. password, dns, wins servers etc.
So when a VPN Client wants to connect to this router the router will check the group parameters on the radius server and then authenticate the user (another account on the same radius server).
What I am looking for is the same functionality on the PIX instead of configuring vpngroup commands on each of the PIXs manually.
Hope it makes it a bit clearer.
Thanks
Oleg
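As an added example (not from this thread and not Cisco's code), here is a small parser for the cisco-avpair reply items of the form ipsec:attr=value listed in the first post. It tolerates the quoting quirks seen in that paste (missing closing quotes, no quotes at all, spaces around the equals sign), types the numeric attributes, and reports items that would not load cleanly, such as the duplicated key-exchange attribute. The attribute groupings and the sample reply items are my own assumptions, built from the values quoted in the thread.

```python
"""Parse Cisco 'cisco-avpair' RADIUS reply items (ipsec:attr=value form)
into a per-group parameter dict and flag items that need attention."""
import re

# Assumed groupings: attributes that carry integers, and those that carry
# a space- or comma-separated list (separator is an assumption here).
INT_ATTRS = {"max-users", "max-logins", "timeout", "idletime",
             "include-local-lan", "group-lock"}
LIST_ATTRS = {"dns-servers", "wins-servers"}

# Optional 'radiusReplyItem' prefix, optional quotes, spaces around '='.
AVPAIR_RE = re.compile(
    r'^\s*(?:radiusReplyItem\s+)?cisco-avpair\s*=\s*"?ipsec:([\w-]+)=([^"]*)"?\s*$')


def parse_avpairs(lines):
    """Return (params, problems): params maps attribute -> typed value,
    problems lists lines that did not parse, bad values and duplicates."""
    params, problems = {}, []
    for raw in lines:
        m = AVPAIR_RE.match(raw)
        if not m:
            problems.append(f"unparsable: {raw.strip()!r}")
            continue
        attr, val = m.group(1), m.group(2).strip()
        if attr in INT_ATTRS:
            if not val.isdigit():
                problems.append(f"{attr}: non-numeric value {val!r}")
                continue
            val = int(val)
        elif attr in LIST_ATTRS:
            val = [v for v in re.split(r"[ ,]+", val) if v]
        if attr in params:  # e.g. two key-exchange items: keep the first
            problems.append(f"{attr}: duplicate, keeping {params[attr]!r}")
            continue
        params[attr] = val
    return params, problems


# Constructed sample, copied from the thread's list plus one bad value.
SAMPLE_REPLY_ITEMS = [
    'radiusReplyItem cisco-avpair = "ipsec:addr-pool=default"',
    'radiusReplyItem cisco-avpair = "ipsec:dns-servers=135.196.0.14"',
    'radiusReplyItem cisco-avpair = "ipsec:max-users=10',   # quote missing
    'radiusReplyItem cisco-avpair = "ipsec:key-exchange=ike"',
    'radiusReplyItem cisco-avpair = "ipsec:key-exchange=preshared-key"',
    'radiusReplyItem cisco-avpair="ipsec:idletime=20"',
    'radiusReplyItem cisco-avpair = ipsec:group-lock=1',       # no quotes
    'radiusReplyItem cisco-avpair = "ipsec:idletime=abc"',     # constructed
]
```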
07-12-2004 07:39 AM
Oleg-
Have you been able to apply ACLs to IPSec groups from the ACS server with no configuration done on the router (at least none after the initial configuration)? Would appreciate any advice.
Regards,
Blake
07-12-2004 08:41 AM
Hi,
I haven't tried it myself as we are not using an ACS server,
and the PIX doesn't support the radius groups.
Remember seeing something about it on the Cisco site though.
/OlK