New Member

Difference in ezvpn on IOS & PIX7

Can two different ezvpn groups on IOS routers be authenticated/authorized differently? For example, GROUPA using RADIUS and GROUPB from local.

On IOS routers, what I can see is that the AAA lists are defined against the crypto map, which is common for all groups, e.g.

aaa authentication login AUTHENTICATION_LIST group radius local

aaa authorization network AUTHORIZATION_LIST group radius local

crypto map MAP client authentication list AUTHENTICATION_LIST

crypto map MAP isakmp authorization list AUTHORIZATION_LIST

On PIX I can do the same thing at the tunnel-group level, so each group can be authenticated/authorized differently, i.e. GROUPA using RADIUS and GROUPB using LOCAL.

e.g.

pixfirewall(config)# tunnel-group TUNNEL_GRP general-attributes

pixfirewall(config-tunnel-general)#

authentication-server-group

authorization-dn-attributes

authorization-server-group

Is my understanding correct, or am I missing something here?

1 REPLY
New Member

Re: Difference in ezvpn on IOS & PIX7

I think you are right; on IOS it is not possible to have different groups authenticated differently. The following link may help you:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800945cf.shtml
