Difference in ezvpn on IOS & PIX7

Unanswered Question
Jun 1st, 2007

Can two different groups ezvpn on IOS routers be authenticated/authorized differently? for e.g. GROUPA using RADIUS and GROUPB from local.

ON IOS routers, What i can see is that the AAA lists are defined against the crypto map which is common for all groups. e.g.

aaa authentication login AUTHENTICATION_LIST group radius local

aaa authorization network AUTHORIZATION_LIST group radius local

crypto map MAP client authentication list AUTHENTICATION_LIST

crypto map MAP isakmp authorization list AUTHORIZATION_LIST

On PIX i can do the same thing on tunnel group level and so each group can be authenticated/authorized differently i.e. GROUPA using RADIUS and GROUPB using LOCAL


pixfirewall(config)# tunnel-group TUNNEL_GRP general-attributes





is my understanding correct or i'm missing something here ??

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion