Difference in ezvpn on IOS & PIX7

swapnendum
Level 1

Can two different ezvpn groups on IOS routers be authenticated/authorized differently? E.g., GROUPA using RADIUS and GROUPB from local.

On IOS routers, what I can see is that the AAA lists are defined against the crypto map, which is common for all groups, e.g.:

aaa authentication login AUTHENTICATION_LIST group radius local

aaa authorization network AUTHORIZATION_LIST group radius local

crypto map MAP client authentication list AUTHENTICATION_LIST

crypto map MAP isakmp authorization list AUTHORIZATION_LIST

On PIX I can do the same thing at the tunnel-group level, so each group can be authenticated/authorized differently, i.e. GROUPA using RADIUS and GROUPB using LOCAL.

e.g.

pixfirewall(config)# tunnel-group TUNNEL_GRP general-attributes

pixfirewall(config-tunnel-general)#

authentication-server-group

authorization-dn-attributes

authorization-server-group

Is my understanding correct, or am I missing something here?


bstremp
Level 2

I think you are right; from IOS it is not possible to have different groups authenticated differently. The following link may help you:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800945cf.shtml
