
PIX Remote Access VPN - Local Authentication

carl.forbes

Hi,

I would like to terminate my remote access VPN on a PIX 525 software 6.3(4).

Can I use the following command to enable local user authentication:

crypto map my-map client authentication local

I do not have a AAA server in the environment.

(this is a design only, so don't have the kit to test on either)

Many thanks!

Carl.

2 Replies

carl.forbes

If local authentication was used, I'm now guessing that this would expose my firewall credential to remote access users. Something that is not desirable.

Any way around this? Can I specify user groups, etc.?

Thanks.

Hi Carl,

Yes, you can authenticate VPN users to the LOCAL user database.

If you also authenticate to the PIX using Telnet/SSH/HTTPS to the LOCAL database, then yes, those users will also be able to authenticate. However, you can set their privilege level to 1 and thus they will not be able to get into enable mode. (You could also use a separate global enable password instead of using the LOCAL database for the enable password.)

Hope it helps,

David.
