different AAA server groups with PIX 6.3

Apr 2nd, 2007

We are doing some testing with a new RADIUS server, and want a specific VPNgroup to access this new server.

With PIX release 7.0 this can be done, as the "crypto map xxx client authentication-server" command is not used and the authentication server is added to the vpngroup.

BUT how is this done with PIX release 6.3, as the "crypto map xxx client authentication" determines which AAA server group to use?

Is there any way round this on release 6.3?

mfreijser Tue, 04/03/2007 - 03:42

You can create multiple aaa-server groups with a maximum of 14 RADIUS servers each.

To use more than one RADIUS server:

First create multiple aaa-server groups, each defining a different RADIUS server.

Then you assign the server-group to the crypto map with the command "crypto map client authentication ".

You can find the exact commands in the PIX Firewall Command Reference found here:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_book09186a008017284e.html

Please rate if the post helps!

Regards,

Michael

Richard Bradfield Tue, 04/03/2007 - 16:04

Yes, done all that; I have a number of server groups set up.

The trouble is that the "crypto map client authentication " is like a global command and affects all VPN groups; it does not allow you to select a different server-group for each vpngroup.

As I say, this is not a problem with ver 7.0; it looks like I will have to upgrade to 7.0 to get this to work.

David White Tue, 04/03/2007 - 20:00

Yes, you are correct. What you want to do is not possible in 6.x.

Sincerely,

David.
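
The difference the thread arrives at, as an added configuration sketch that is not from any of the posters. The group names, map name, addresses and keys are constructed placeholders, lines starting with `!` are annotations, and the 7.0 half assumes the vpngroups have become tunnel-groups and that AAA groups with the same names are already defined.

```cisco
! --- PIX 6.3: the AAA server group is bound to the crypto map ---
aaa-server RADIUS_OLD protocol radius
aaa-server RADIUS_OLD (inside) host 192.0.2.10 ExampleKey1 timeout 10
aaa-server RADIUS_NEW protocol radius
aaa-server RADIUS_NEW (inside) host 192.0.2.20 ExampleKey2 timeout 10
! One server group is named on the map, so, as the thread notes, every
! vpngroup terminating on VPNMAP authenticates against RADIUS_OLD.
crypto map VPNMAP client authentication RADIUS_OLD
crypto map VPNMAP interface outside

! --- PIX 7.0: the AAA server group is selected per tunnel-group ---
tunnel-group STAFF type ipsec-ra
tunnel-group STAFF general-attributes
 authentication-server-group RADIUS_OLD
! Only the pilot group is pointed at the new RADIUS server.
tunnel-group PILOT type ipsec-ra
tunnel-group PILOT general-attributes
 authentication-server-group RADIUS_NEW
```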
