
VPN Client question

oostveen
Level 1

Hi,

I was just configuring my PIX 501 to enable clients with the Cisco VPN client software installed to connect.

This works fine.

But it is a group authentication, so all clients use the same login.

I would like to use individual users, but this option is only possible when configuring L2TP / PPTP clients.

I don't have a RADIUS server, so should I drop using the Cisco VPN client and connect using PPTP, for example?

Jake

2 Replies

j.contreras
Level 1

Hi

Currently, in PIX you can authenticate VPN clients using Xauth, with any authentication method (RADIUS or local, for example).

Here is an example config using RADIUS:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949fb.shtml

A little more info:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008010a206.shtml

For LOCAL auth you can have something like this (see other details in the URL above):

crypto map vpn-remote 10 ipsec-isakmp dynamic vpn-remote-dy
crypto map vpn-remote client configuration address initiate
crypto map vpn-remote client configuration address respond
crypto map vpn-remote client authentication LOCAL
crypto map vpn-remote interface outside

And then define local users in the PIX (if there is no RADIUS server available, or you have very few users):

username radmin password password12

And of course your vpngroup:

vpngroup rmadmin address-pool vpnadm
vpngroup rmadmin split-tunnel vpnadm
vpngroup rmadmin idle-time 1800
vpngroup rmadmin password ********

Regards
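
An offline check for the situation discussed in this thread, as an added example that is not part of the original replies or Cisco's tooling: it reads a saved PIX configuration and reports crypto maps that rely on the shared vpngroup password alone, or that enable Xauth against LOCAL with no `username` defined. The function name and both sample configs are constructed for illustration; only the command forms shown in the reply above are parsed.

```python
# Constructed sample configs, built from the command forms quoted in the reply.
GROUP_ONLY = """\
crypto map vpn-remote 10 ipsec-isakmp dynamic vpn-remote-dy
crypto map vpn-remote interface outside
vpngroup rmadmin address-pool vpnadm
vpngroup rmadmin password ********
"""

WITH_XAUTH = GROUP_ONLY + """\
crypto map vpn-remote client authentication LOCAL
username radmin password <placeholder>
"""


def audit_xauth(config_text):
    """Return findings about per-user (Xauth) authentication of VPN clients."""
    bound = {}      # crypto map name -> interface it is applied to
    xauth = {}      # crypto map name -> authentication server tag
    users = set()   # local usernames
    groups = set()  # vpngroup names (shared group password)
    for raw in config_text.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith(("!", ":")):
            continue  # skip blank lines and comment lines
        if tok[:2] == ["crypto", "map"] and len(tok) >= 5:
            name = tok[2]
            if tok[3] == "interface":
                bound[name] = tok[4]
            elif tok[3:5] == ["client", "authentication"] and len(tok) >= 6:
                xauth[name] = tok[5]
        elif tok[0] == "username" and len(tok) >= 2:
            users.add(tok[1])
        elif tok[0] == "vpngroup" and len(tok) >= 2:
            groups.add(tok[1])

    findings = []
    for name, iface in sorted(bound.items()):
        if groups and name not in xauth:
            findings.append(f"{name} ({iface}): group password only, no Xauth")
        elif xauth.get(name) == "LOCAL" and not users:
            findings.append(f"{name} ({iface}): Xauth LOCAL but no username defined")
    return findings


if __name__ == "__main__":
    for label, cfg in (("group only", GROUP_ONLY), ("with Xauth", WITH_XAUTH)):
        print(label, "->", audit_xauth(cfg) or "per-user authentication in place")
```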

Thanks for the response.

I'll try this.

Regards