Difference in ezvpn on IOS & PIX7

Unanswered Question
Jun 1st, 2007

Can two different groups ezvpn on IOS routers be authenticated/authorized differently? for e.g. GROUPA using RADIUS and GROUPB from local.

ON IOS routers, What i can see is that the AAA lists are defined against the crypto map which is common for all groups. e.g.

aaa authentication login AUTHENTICATION_LIST group radius local

aaa authorization network AUTHORIZATION_LIST group radius local

crypto map MAP client authentication list AUTHENTICATION_LIST

crypto map MAP isakmp authorization list AUTHORIZATION_LIST

On PIX i can do the same thing on tunnel group level and so each group can be authenticated/authorized differently i.e. GROUPA using RADIUS and GROUPB using LOCAL

e.g.

pixfirewall(config)# tunnel-group TUNNEL_GRP general-attributes

pixfirewall(config-tunnel-general)#

authentication-server-group

authorization-dn-attributes

authorization-server-group

is my understanding correct or i'm missing something here ??

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion