PIX515E VPN IPSec Local User Authentication

Discussion in 'Cisco' started by Matt, Apr 15, 2004.

  1. Matt

    Matt Guest

    We have a PIX515E firewall and have IPSec VPN set up (using vpngroup)

    We are trying to set up user authentication for 4 users, however, we
    do not went to set up a radius server for a handful of accounts (nor
    do we want one group/group password for everyone)

    From what I can tell, we can set up local users (in the PIX
    configuration) using PPTP authentication but not IPSec.

    Is there some way to create seperate user/passwords in the pix
    configuration without configuring multiple IPSec VPN groups?

    In addition, is there a way to set static VPN ip addresses for users
    so that we can set up seperate access-lists per user?

    Again, we are trying to stay away from using RADIUS or TACACS+ for
    simplicity purposes.

    Thanks.

    - Matt
     
    Matt, Apr 15, 2004
    #1
    1. Advertising

  2. Matt

    Chad Mahoney Guest

    Matt wrote:
    > We have a PIX515E firewall and have IPSec VPN set up (using vpngroup)
    >
    > We are trying to set up user authentication for 4 users, however, we
    > do not went to set up a radius server for a handful of accounts (nor
    > do we want one group/group password for everyone)
    >
    > From what I can tell, we can set up local users (in the PIX
    > configuration) using PPTP authentication but not IPSec.
    >
    > Is there some way to create seperate user/passwords in the pix
    > configuration without configuring multiple IPSec VPN groups?
    >
    > In addition, is there a way to set static VPN ip addresses for users
    > so that we can set up seperate access-lists per user?
    >
    > Again, we are trying to stay away from using RADIUS or TACACS+ for
    > simplicity purposes.
    >
    > Thanks.
    >
    > - Matt

    Matt,

    You can setup a vpn group for each user. Each group would have its own
    password.


    Chad
     
    Chad Mahoney, Apr 15, 2004
    #2
    1. Advertising

  3. Matt

    Mark Green Guest

    (Matt) wrote in message news:<>...
    > We have a PIX515E firewall and have IPSec VPN set up (using vpngroup)
    >
    > We are trying to set up user authentication for 4 users, however, we
    > do not went to set up a radius server for a handful of accounts (nor
    > do we want one group/group password for everyone)

    You can use local authentication
    with:
    "aaa-server LOCAL protocol local"
    and
    "crypto map outside_map client authentication LOCAL"
    (but you still needs the vpngroup password)
    then just open users with privilege 0 on the pix:
    "username youruser password xxx privilege 0"

    >
    > From what I can tell, we can set up local users (in the PIX
    > configuration) using PPTP authentication but not IPSec.
    >
    > Is there some way to create seperate user/passwords in the pix
    > configuration without configuring multiple IPSec VPN groups?


    >
    > In addition, is there a way to set static VPN ip addresses for users
    > so that we can set up seperate access-lists per user?
    >
    > Again, we are trying to stay away from using RADIUS or TACACS+ for
    > simplicity purposes.
    >
    > Thanks.
    >
    > - Matt
     
    Mark Green, Apr 15, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. tejlor
    Replies:
    2
    Views:
    2,295
    tejlor
    Nov 25, 2003
  2. Bill F
    Replies:
    7
    Views:
    4,046
    Bill F
    Nov 2, 2004
  3. zillah
    Replies:
    0
    Views:
    732
    zillah
    Nov 9, 2006
  4. Replies:
    2
    Views:
    1,033
    Walter Roberson
    Aug 22, 2007
  5. Tony2Time
    Replies:
    0
    Views:
    1,304
    Tony2Time
    Jun 23, 2011
Loading...

Share This Page