I know that this is a bad idea, but I have a customer that wants upwards of 200+ users put in the config of his PIX for use with VPN. What the customer wants, the customer gets... Unless, is that even possible? I can't find anything to tell me the max number of local users you can have.
Does anyone know what the max number of local users is for a PIX 515e running 7.2?
Here is the PIX 7.2 configuration (relevant portion only). To configure IAS, google something like "IAS radius cisco".
The dollar sign ($) indicates variable names/fields (user-defined names).
access-list $splittunnel_acl extended permit ip $local_network $vpn_dhcp_network
ip local pool vpn-pool $start_ip-$end_ip
aaa-server RADIUSVPN protocol radius
aaa-server RADIUSVPN host $192.168.x.y
aaa-server RADIUSVPN host $192.168.x.z (backup IAS server)
group-policy $group_name internal
group-policy $group_name attributes
 wins-server value $192.168.x.x
 dns-server value $192.168.x.x $192.168.x.y
 split-tunnel-network-list value $splittunnel_acl
 default-domain value $local_domain
crypto ipsec transform-set $transform_name esp-3des esp-sha-hmac
crypto dynamic-map $DYN_MAPNAME 10 set transform-set $transform_name
crypto map VPN 25 ipsec-isakmp dynamic $DYN_MAPNAME
crypto map VPN interface outside
crypto isakmp enable outside
crypto isakmp policy 5
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group (outside) RADIUSVPN
tunnel-group $group_name type ipsec-ra
tunnel-group $group_name general-attributes
tunnel-group $group_name ipsec-attributes
If you have regular crypto tunnels defined, place the dynamic map entry after those; otherwise strange things happen.
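A small lint for two mistakes this kind of configuration invites, given here as an added example that is not part of the original post: it flags an `authentication-server-group` that names an undefined `aaa-server` group, and a dynamic crypto map entry that is evaluated before a static one in the same map. The sample config and the function name `lint` are constructed for illustration, and the check assumes "after" means a higher sequence number.

```python
import re

# Constructed sample (not from the post): the dynamic entry sits at sequence 10,
# ahead of a static peer entry at 20, and the tunnel group references a server
# group name that is never defined.
SAMPLE = """\
aaa-server RADIUSVPN protocol radius
aaa-server RADIUSVPN host 192.0.2.5
username alice password x
crypto map VPN 10 ipsec-isakmp dynamic DYN
crypto map VPN 20 match address L2L
crypto map VPN 20 set peer 192.0.2.10
crypto map VPN interface outside
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group (outside) RADIUS
"""

def lint(config):
    """Return (findings, number of local username entries)."""
    groups, refs, users = set(), [], 0
    dynamic, static = {}, {}  # crypto map name -> set of sequence numbers
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"aaa-server (\S+) protocol \S+", s):
            groups.add(m.group(1))
        elif m := re.match(r"authentication-server-group (?:\(\S+\) )?(\S+)", s):
            refs.append(m.group(1))
        elif s.startswith("username "):
            users += 1
        elif m := re.match(r"crypto map (\S+) (\d+) (.+)", s):
            name, seq, rest = m.group(1), int(m.group(2)), m.group(3)
            kind = dynamic if rest.startswith("ipsec-isakmp dynamic ") else static
            kind.setdefault(name, set()).add(seq)
    findings = []
    for ref in refs:
        # LOCAL is the built-in local user database, so it needs no definition.
        if ref != "LOCAL" and ref not in groups:
            findings.append(f"undefined aaa-server group: {ref}")
    for name, dseqs in dynamic.items():
        first = min(dseqs)
        later = sorted(q for q in static.get(name, ()) if q > first)
        if later:
            findings.append(f"crypto map {name}: dynamic entry {first} precedes static {later}")
    return findings, users

if __name__ == "__main__":
    print(lint(SAMPLE))
```
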