I have just inherited a corp network that uses a PIX 515e at each of three sites to create site-to-site VPN tunnels. This is working fine. I need to setup remote VPN access for individual users using the PIX at our main office. Is it possible to use RADIUS to authenticate some remote users and also authenticate other users using just a VPN group name and password (i.e. the client authenticates using the group name and password, but the user is not prompted to enter in a name/password). It seems as if this is a one or the other proposition. When I enable authentication using RADIUS, the group authentication stops working. Can I do both simultaneously? If so, can anyone offer any help to get started? Thanks.
Clarification: I am using two different VPN groups. One group (called vpngroup1) will allow the client to authenticate just using the vpn group name and password. I'd also like to use a second VPN group (called vpngroup2) that would authenticate using both the vpn group name and password, and then prompt the user for a username and password to be authenticated by a RADIUS server.
I've been told that this can be done, but when I enable use of the RADIUS server, the clients in vpngroup1 are prompted also for their username and password.
How do I link the RADIUS authentication requirement to just one of the VPN groups?
Attached is the working config with a single VPN group where the users are not prompted to provide username and password. Any efforts to enable AAA seem to disable the working remote access. The IP addresses shown below are obviously not legit. Any suggestions would be appreciated. Thanks in advance.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :