Remote Access VPN Pix 7.0

ray.ortiz · ‎08-11-2005

Can someone tell me how to create a remote access vpn that authenticates against a Windows 2003 Radius server. In the past I have configured 6.3 against a Windows 2003 server with no problem. In 7.0 with the introduction of Tunnel groups it is differnt. I addition how would you configure the following in Pix 7.0. I've used the vpngroup command in 6.3. See below-

VPNGROUP

vpngroup remote-users address-pool remote-net

vpngroup remote-users dns-server 10.140.x.x 10.140.x.x

vpngroup remote-users wins-server 10.140.x.x 10.140.x.x

vpngroup remote-users default-domain *.net

vpngroup remote-users split-tunnel splitTunnelAcl

vpngroup remote-users idle-time 1800

vpngroup remote-users password ********

AAA Authentication

aaa-server partnerauth protocol radius

aaa-server partnerauth (inside) host 10.140.*.* ******* timeout 10

How would I configure this setup on 7.0

Thanks in advance.

shijogeorge · ‎08-12-2005

Hi,

Please find the corresponding config in 7.0

group-policy cgroup internal

group-policy cgroup attributes

dns-server 10.140.x.x 10.140.x.x

wins-server 10.140.x.x 10.140.x.x

vpn-idle-timeout 1800

default-domain *.net

split-tunnel-policy tunnelspecified

split-tunnel-network-list value splitTunnelAcl

tunnel-group remote-users type ipsec-ra

tunnel-group remote-users general-attributes

address-pool remote-net

authentication-server-group radius

authorization-server-group LOCAL

default-group-policy cgroup

tunnel-group remote-user ipsec-attributes

pre-shared-key ********

HTH

Regards,

Shijo George.