New Member

PIX Remote Access VPN - Local Authentication

Hi,

I would like to terminate my remote access VPN on a PIX 525 software 6.3(4).

Can I use the following command to enable local user authentication:

crypto map my-map client authentication local

I do not have a AAA server in the environment.

(this is a design only, so don't have the kit to test on either)

Many thanks!

Carl.

2 REPLIES
New Member

Re: PIX Remote Access VPN - Local Authentication

If local authentication was used, I'm now guessing that this would expose my firewall credential to remote access users. Something that is not desirable.

Any way around this? Can I specify usergroups etc.?

Thanks.

Cisco Employee

Re: PIX Remote Access VPN - Local Authentication

Hi Carl,

Yes, you can authenticate VPN users to the LOCAL user database.

If you also authenticate to the PIX using Telnet/SSH/HTTPS to the LOCAL database, then yes, those users will also be able to authenticate. However, you can set their privilege level to 1 and thus they will not be able to get into enable mode. (You could also use a separate global enable password instead of using the LOCAL database for the enable password.)

Hope it helps,

David.
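
An added example, not part of the replies above: a small Python check that reads a saved PIX configuration and reports whether the LOCAL database used for VPN client authentication is also used for Telnet/SSH/HTTP logins, and which accounts are not pinned to privilege level 1. The sample configuration, user names and hash placeholders are constructed, and the script assumes the `username ... privilege N`, `aaa authentication ... console LOCAL` and `crypto map ... client authentication LOCAL` line forms.

```python
import re

# Constructed sample config (not from the thread); names and hashes are placeholders.
SAMPLE_CONFIG = """\
username fwadmin password PLACEHOLDERHASH1 encrypted privilege 15
username vpn-carl password PLACEHOLDERHASH2 encrypted privilege 1
username vpn-temp password PLACEHOLDERHASH3 encrypted
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
crypto map my-map client authentication LOCAL
"""

USER_RE = re.compile(r"^username (\S+) password \S+(?: encrypted)?(?: privilege (\d+))?\s*$")
CONSOLE_RE = re.compile(r"^aaa authentication (\S+) console (\S+)\s*$")
XAUTH_RE = re.compile(r"^crypto map (\S+) client authentication (\S+)\s*$")


def audit(config_text):
    """Report how far LOCAL accounts used for VPN login reach into device management."""
    users, console_local, xauth_maps = {}, set(), []
    for line in config_text.splitlines():
        line = line.strip()
        if m := USER_RE.match(line):
            # None means no explicit privilege on the line; treated as "not pinned to 1".
            users[m.group(1)] = int(m.group(2)) if m.group(2) else None
        elif (m := CONSOLE_RE.match(line)) and m.group(2).upper() == "LOCAL":
            console_local.add(m.group(1).lower())
        elif (m := XAUTH_RE.match(line)) and m.group(2).upper() == "LOCAL":
            xauth_maps.append(m.group(1))
    # Login methods (telnet/ssh/http/serial) that share the LOCAL database with VPN xauth.
    login_methods = sorted(console_local - {"enable"})
    shared = bool(xauth_maps) and bool(login_methods)
    return {
        "xauth_maps": xauth_maps,
        "shared_login_methods": login_methods if shared else [],
        "enable_uses_local": "enable" in console_local,
        # Accounts that can log in to the device and are not restricted to level 1.
        "not_level_1": sorted(u for u, p in users.items() if shared and p != 1),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

Accounts listed under `not_level_1` should be only the intended administrators; any VPN-only account appearing there needs an explicit `privilege 1`.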
