different AAA server groups with PIX 6.3

Unanswered Question
Apr 2nd, 2007

We are doing some testing with a new RADIUS server, and want a specific vpngroup to access this new server.

With PIX release 7.0 this can be done, as the crypto map xxx client authentication-server command is not used and the authentication server is added to the vpngroup.

BUT how is this done with PIX release 6.3, as the "crypto map xxx client authentication" determines which AAA server group to use?

Is there any way round this on release 6.3?

mfreijser Tue, 04/03/2007 - 03:42

You can create multiple aaa-server groups with a maximum of 14 RADIUS servers each.


To use more than one RADIUS server:


First create multiple aaa-server groups, each defining a different RADIUS server


Then you assign the server-group to the crypto map with the command "crypto map client authentication "


You can find the exact commands in the PIX Firewall Command Reference found here:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_book09186a008017284e.html


Please rate if the post helps!


Regards,


Michael


Richard Bradfield Tue, 04/03/2007 - 16:04

Yes, done all that; I have a number of server groups set up.

The trouble is that the "crypto map client authentication " is like a global command and affects all VPN groups; it does not allow you to select a different server-group for each vpngroup.

As I say, this is not a problem with ver 7.0. It looks like I will have to upgrade to 7.0 to get this to work.


David White Tue, 04/03/2007 - 20:00
User Badges:
  • Cisco Employee,

Yes, you are correct. What you want to do is not possible in 6.x.


Sincerely,


David.
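The limitation discussed in this thread, as an added configuration sketch that is not taken from any poster's device. Group names, map names, addresses and keys are constructed placeholders, the `!` lines are annotations for the reader, and the 7.0 fragment assumes the tunnel-group syntax that release uses in place of vpngroup.

```text
! ---- PIX 6.3: several AAA server groups can exist ----
aaa-server RADIUS-PROD protocol radius
aaa-server RADIUS-PROD (inside) host 192.0.2.10 <shared-secret> timeout 10
aaa-server RADIUS-TEST protocol radius
aaa-server RADIUS-TEST (inside) host 192.0.2.20 <shared-secret> timeout 10

! Two remote-access groups terminate on the same crypto map
vpngroup STAFF address-pool VPNPOOL
vpngroup STAFF password <group-key>
vpngroup PILOT address-pool VPNPOOL
vpngroup PILOT password <group-key>

crypto map VPNMAP 20 ipsec-isakmp dynamic DYNMAP
crypto map VPNMAP interface outside

! Xauth server selection is bound to the crypto map, not to a vpngroup.
! Exactly one server group can be named here, so STAFF and PILOT users
! are both authenticated against RADIUS-PROD. There is no vpngroup
! subcommand in 6.3 that points PILOT at RADIUS-TEST.
crypto map VPNMAP client authentication RADIUS-PROD

! ---- PIX 7.0: server group is selected per tunnel group ----
aaa-server RADIUS-PROD protocol radius
aaa-server RADIUS-PROD (inside) host 192.0.2.10
 key <shared-secret>
aaa-server RADIUS-TEST protocol radius
aaa-server RADIUS-TEST (inside) host 192.0.2.20
 key <shared-secret>

tunnel-group STAFF type ipsec-ra
tunnel-group STAFF general-attributes
 authentication-server-group RADIUS-PROD

tunnel-group PILOT type ipsec-ra
tunnel-group PILOT general-attributes
 authentication-server-group RADIUS-TEST
```

When auditing a 6.3 configuration, the `crypto map ... client authentication` line is the single place that decides which RADIUS group sees VPN user credentials, so a test server named there receives logins from every vpngroup on that map.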
