different AAA server groups with PIX 6.3 - Cisco Community

352

Views

0

Helpful

3

Replies

we are doing some testing with a new Radius server, and want a specific VPNgroup to access this new Server,

with PIX release 7.0 this can be done as the Crypto map xxx client authentication-server command is not used and the authentication server is added to the vpngroup.

BUT how is this done with PIX release 6.3 as the"crypto map xxx client authentication determines which AAA server group to use.

Is there anyway round this on release 6.3

3 Replies 3

You can create multiple aaa-server groups with a maximum of 14 RADIUS servers each.

To use more than one RADIUS server:

First create multiple aaa-server groups, each defining a different RADIUS server

Then you assign the server-group to the crypto map with the command "crypto map client authentication "

You can find the exact commands in the Pix Firewall Command Reference found here:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_book09186a008017284e.html

Please rate if the post helps!

Regards,

Michael

yes done all that, I have a number of server groups setup.

the trouble is that the "crypto map client authentication " is like a global command and affects all VPN groups, it does not allow you to select a different server-group for each vpngroup

as I say this is not a problem with ver 7.0 it looks like will have to upgrade to 7.0 to get this to work.

Yes, you are correct. What you want to do is not possible in 6.x.

Sincerely,

David.

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking products for a $25 gift card