PIX515E VPN IPSec Local User Authentication

Discussion in 'Cisco' started by Matt, Apr 15, 2004.

  1. Matt

    Matt Guest

    We have a PIX515E firewall and have IPSec VPN set up (using vpngroup)

    We are trying to set up user authentication for 4 users, however, we
    do not went to set up a radius server for a handful of accounts (nor
    do we want one group/group password for everyone)

    From what I can tell, we can set up local users (in the PIX
    configuration) using PPTP authentication but not IPSec.

    Is there some way to create seperate user/passwords in the pix
    configuration without configuring multiple IPSec VPN groups?

    In addition, is there a way to set static VPN ip addresses for users
    so that we can set up seperate access-lists per user?

    Again, we are trying to stay away from using RADIUS or TACACS+ for
    simplicity purposes.

    Thanks.

    - Matt
     
    Matt, Apr 15, 2004
    #1
    1. Advertisements

  2. Matt

    Chad Mahoney Guest

    Matt wrote:
    > We have a PIX515E firewall and have IPSec VPN set up (using vpngroup)
    >
    > We are trying to set up user authentication for 4 users, however, we
    > do not went to set up a radius server for a handful of accounts (nor
    > do we want one group/group password for everyone)
    >
    > From what I can tell, we can set up local users (in the PIX
    > configuration) using PPTP authentication but not IPSec.
    >
    > Is there some way to create seperate user/passwords in the pix
    > configuration without configuring multiple IPSec VPN groups?
    >
    > In addition, is there a way to set static VPN ip addresses for users
    > so that we can set up seperate access-lists per user?
    >
    > Again, we are trying to stay away from using RADIUS or TACACS+ for
    > simplicity purposes.
    >
    > Thanks.
    >
    > - Matt

    Matt,

    You can setup a vpn group for each user. Each group would have its own
    password.


    Chad
     
    Chad Mahoney, Apr 15, 2004
    #2
    1. Advertisements

  3. Matt

    Mark Green Guest

    (Matt) wrote in message news:<>...
    > We have a PIX515E firewall and have IPSec VPN set up (using vpngroup)
    >
    > We are trying to set up user authentication for 4 users, however, we
    > do not went to set up a radius server for a handful of accounts (nor
    > do we want one group/group password for everyone)

    You can use local authentication
    with:
    "aaa-server LOCAL protocol local"
    and
    "crypto map outside_map client authentication LOCAL"
    (but you still needs the vpngroup password)
    then just open users with privilege 0 on the pix:
    "username youruser password xxx privilege 0"

    >
    > From what I can tell, we can set up local users (in the PIX
    > configuration) using PPTP authentication but not IPSec.
    >
    > Is there some way to create seperate user/passwords in the pix
    > configuration without configuring multiple IPSec VPN groups?


    >
    > In addition, is there a way to set static VPN ip addresses for users
    > so that we can set up seperate access-lists per user?
    >
    > Again, we are trying to stay away from using RADIUS or TACACS+ for
    > simplicity purposes.
    >
    > Thanks.
    >
    > - Matt
     
    Mark Green, Apr 15, 2004
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.