
PIX VPN client user authentication

techtips03
Level 1

Hi

I have a PIX 506E with 6.3(5) and wanted to know if I can configure VPN client with group and user authentication. I know I can configure just group authentication so users don't have to use the password every time they try to connect. However, I am also looking for a second level of user authentication so I don't have to change the group password every time a user leaves the organization.

I configured this on PIX and ASA units with newer versions, but I cannot find the commands for 6.3(5).

I see the commands below related to this:

vpngroup <group_name> secure-unit-authentication

vpngroup <group_name> authentication-server <server_tag>

vpngroup <group_name> user-authentication

When I configure

vpngroup <group_name> user-authentication

I get the message

"Please configure an authentication server before enabling user authentication"

And when I add the below, I cannot configure it for LOCAL authentication; it accepts only TACACS+ and RADIUS:

vpngroup <group_name> authentication-server <server_tag>

So I am not sure if I can configure second level user authentication on this version.

Thanks

3 Replies

srue
Level 7

Can you post the output of "show aaa"?

When I do sh aaa, I just see aaa proxy-limit 16. I have not configured anything with aaa specifically. But I see this below in the config as default.

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

Can someone advise on this, please?