This seems like it should be easy but I cannot find a sample config. I have dynamic crypto maps set up for remote client VPN access on a PIX. This is working fine and users can intiate sessions by using the groupname/password. I want to configure xauth (extended authentication) however to force the remote user to have to authenticate with a username/password as well. I do not have an ACS server. I just want to establish a local user database on the PIX itself. So after a create a user with a - username xxx password xxxx. What AAA or crypto map commands do I need to execute to force the dynamic-vpn users to have to authenicate using this local user database? thanks
To further complicate this, I thought I found the correct command to force user authentication with the local database with -
crypto map client authentication LOCAL
But after I enter this command, clear all ipsec settings, it still does not prompt me for a username and password. Once it accepts the groupname and password, a connection is immediately established without asking for a username/password.
If you have a windows 2000 server you may want to setup IAS (Part of 2000) and point the pix to the 2000 server. You can have your administrator control adding and removing users from the VPN groups and control policies via the 2000 server.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :