PIX515E VPN IPSec Local User Authentication

Discussion in 'Cisco' started by Matt, Apr 15, 2004.

  1. Matt

    Matt Guest

    We have a PIX515E firewall and have IPSec VPN set up (using vpngroup)

    We are trying to set up user authentication for 4 users, however, we
    do not went to set up a radius server for a handful of accounts (nor
    do we want one group/group password for everyone)

    From what I can tell, we can set up local users (in the PIX
    configuration) using PPTP authentication but not IPSec.

    Is there some way to create seperate user/passwords in the pix
    configuration without configuring multiple IPSec VPN groups?

    In addition, is there a way to set static VPN ip addresses for users
    so that we can set up seperate access-lists per user?

    Again, we are trying to stay away from using RADIUS or TACACS+ for
    simplicity purposes.


    - Matt
    Matt, Apr 15, 2004
    1. Advertisements

  2. Matt

    Chad Mahoney Guest


    You can setup a vpn group for each user. Each group would have its own

    Chad Mahoney, Apr 15, 2004
    1. Advertisements

  3. Matt

    Mark Green Guest

    You can use local authentication
    "aaa-server LOCAL protocol local"
    "crypto map outside_map client authentication LOCAL"
    (but you still needs the vpngroup password)
    then just open users with privilege 0 on the pix:
    "username youruser password xxx privilege 0"
    Mark Green, Apr 15, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.