Can two different EzVPN groups on IOS routers be authenticated/authorized differently? For example, GROUPA using RADIUS and GROUPB from local.
On IOS routers, what I can see is that the AAA lists are defined against the crypto map, which is common for all groups, e.g.:
aaa authentication login AUTHENTICATION_LIST group radius local
aaa authorization network AUTHORIZATION_LIST group radius local
crypto map MAP client authentication list AUTHENTICATION_LIST
crypto map MAP isakmp authorization list AUTHORIZATION_LIST
On PIX I can do the same thing at the tunnel-group level, so each group can be authenticated/authorized differently, i.e. GROUPA using RADIUS and GROUPB using LOCAL, e.g.:
pixfirewall(config)# tunnel-group TUNNEL_GRP general-attributes
pixfirewall(config-tunnel-general)#
authentication-server-group
authorization-dn-attributes
authorization-server-group
Is my understanding correct, or am I missing something here?