«

We have a PIX515E firewall and have IPSec VPN set up (using vpngroup)

We are trying to set up user authentication for 4 users, however, we
do not went to set up a radius server for a handful of accounts (nor
do we want one group/group password for everyone)

From what I can tell, we can set up local users (in the PIX
configuration) using PPTP authentication but not IPSec.

Is there some way to create seperate user/passwords in the pix
configuration without configuring multiple IPSec VPN groups?

In addition, is there a way to set static VPN ip addresses for users
so that we can set up seperate access-lists per user?

Again, we are trying to stay away from using RADIUS or TACACS+ for
simplicity purposes.

Thanks.

- Matt

Matt wrote:
> We have a PIX515E firewall and have IPSec VPN set up (using vpngroup)
>
> We are trying to set up user authentication for 4 users, however, we
> do not went to set up a radius server for a handful of accounts (nor
> do we want one group/group password for everyone)
>
> From what I can tell, we can set up local users (in the PIX
> configuration) using PPTP authentication but not IPSec.
>
> Is there some way to create seperate user/passwords in the pix
> configuration without configuring multiple IPSec VPN groups?
>
> In addition, is there a way to set static VPN ip addresses for users
> so that we can set up seperate access-lists per user?
>
> Again, we are trying to stay away from using RADIUS or TACACS+ for
> simplicity purposes.
>
> Thanks.
>
> - Matt
Matt,

You can setup a vpn group for each user. Each group would have its own
password.


Chad

(Matt) wrote in message news:< >...
> We have a PIX515E firewall and have IPSec VPN set up (using vpngroup)
>
> We are trying to set up user authentication for 4 users, however, we
> do not went to set up a radius server for a handful of accounts (nor
> do we want one group/group password for everyone)
You can use local authentication
with:
"aaa-server LOCAL protocol local"
and
"crypto map outside_map client authentication LOCAL"
(but you still needs the vpngroup password)
then just open users with privilege 0 on the pix:
"username youruser password xxx privilege 0"

>
> From what I can tell, we can set up local users (in the PIX
> configuration) using PPTP authentication but not IPSec.
>
> Is there some way to create seperate user/passwords in the pix
> configuration without configuring multiple IPSec VPN groups?

>
> In addition, is there a way to set static VPN ip addresses for users
> so that we can set up seperate access-lists per user?
>
> Again, we are trying to stay away from using RADIUS or TACACS+ for
> simplicity purposes.
>
> Thanks.
>
> - Matt