Cisco Support Community

different AAA server groups with PIX 6.3

We are doing some testing with a new RADIUS server, and want a specific VPN group to access this new server.

With PIX release 7.0 this can be done, as the "Crypto map xxx client authentication-server" command is not used and the authentication server is added to the vpngroup.

But how is this done with PIX release 6.3, as the "crypto map xxx client authentication" determines which AAA server group to use?

Is there any way round this on release 6.3?

3 REPLIES

Re: different AAA server groups with PIX 6.3

You can create multiple aaa-server groups with a maximum of 14 RADIUS servers each.

To use more than one RADIUS server:

First create multiple aaa-server groups, each defining a different RADIUS server.

Then you assign the server-group to the crypto map with the command "crypto map client authentication ".

You can find the exact commands in the PIX Firewall Command Reference found here:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_book09186a008017284e.html

Please rate if the post helps!

Regards,

Michael

Re: different AAA server groups with PIX 6.3

Yes, done all that; I have a number of server groups set up.

The trouble is that the "crypto map client authentication " is like a global command and affects all VPN groups; it does not allow you to select a different server-group for each vpngroup.

As I say, this is not a problem with ver 7.0; it looks like I will have to upgrade to 7.0 to get this to work.


Re: different AAA server groups with PIX 6.3

Yes, you are correct. What you want to do is not possible in 6.x.

Sincerely,

David.
