Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX VPN client user authentication


I have a PIX 506E with 6.3(5) and wanted to know if I can configure VPN client with group and user authentications. I know I can configure just group authentication so users dont have to use the password everytime they try to connect. However I am also looking for second level of user authentication so I dont have to change the group password everytime a user leave the organization.

I configured this on a PIX and ASA units with newer versions but I cannot find the commands for 6.3(5)

I see commands below related to this

vpngroup <group_name> secure-unit-authentication

vpngroup <group_name> authentication-server <server_tag>

vpngroup <group_name> user-authentication

When I configure

vpngroup <group_name> user-authentication

I get the message

"Please configure an authentication server before enabling user authentication"

And when I add the below, I cannot configure for LOCAL authentication and accept only TACACS+ and RADIUS

vpngroup <group_name> authentication-server <server_tag>

So I am not sure if I can configure second level user authentication on this version.



Re: PIX VPN client user authentication

can you post the output of "show aaa"

New Member

Re: PIX VPN client user authentication

when I do sh aaa, I just see aaa proxy-limit 16. I have not configured anything with aaa specifically. But I see this below in the config as default.

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

New Member

Re: PIX VPN client user authentication

can someone advise on this please?