PIX VPN client user authentication

Unanswered Question
Jul 22nd, 2009
User Badges:


I have a PIX 506E with 6.3(5) and wanted to know if I can configure VPN client with group and user authentications. I know I can configure just group authentication so users dont have to use the password everytime they try to connect. However I am also looking for second level of user authentication so I dont have to change the group password everytime a user leave the organization.

I configured this on a PIX and ASA units with newer versions but I cannot find the commands for 6.3(5)

I see commands below related to this

vpngroup <group_name> secure-unit-authentication

vpngroup <group_name> authentication-server <server_tag>

vpngroup <group_name> user-authentication

When I configure

vpngroup <group_name> user-authentication

I get the message

"Please configure an authentication server before enabling user authentication"

And when I add the below, I cannot configure for LOCAL authentication and accept only TACACS+ and RADIUS

vpngroup <group_name> authentication-server <server_tag>

So I am not sure if I can configure second level user authentication on this version.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
srue Wed, 07/22/2009 - 10:28
User Badges:
  • Blue, 1500 points or more

can you post the output of "show aaa"

techtips03 Wed, 07/22/2009 - 18:22
User Badges:

when I do sh aaa, I just see aaa proxy-limit 16. I have not configured anything with aaa specifically. But I see this below in the config as default.

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local


This Discussion