Cisco Support Community

New Member

Dynamic VPN authentication

This seems like it should be easy but I cannot find a sample config. I have dynamic crypto maps set up for remote client VPN access on a PIX. This is working fine and users can initiate sessions by using the groupname/password. I want to configure xauth (extended authentication), however, to force the remote user to have to authenticate with a username/password as well. I do not have an ACS server. I just want to establish a local user database on the PIX itself. So after I create a user with a - username xxx password xxxx - what AAA or crypto map commands do I need to execute to force the dynamic-vpn users to have to authenticate using this local user database? Thanks

3 REPLIES
New Member

Re: Dynamic VPN authentication

To further complicate this, I thought I found the correct command to force user authentication with the local database with -

crypto map client authentication LOCAL

But after I enter this command and clear all IPsec settings, it still does not prompt me for a username and password. Once it accepts the groupname and password, a connection is immediately established without asking for a username/password.

New Member

Re: Dynamic VPN authentication

New Member

Re: Dynamic VPN authentication

If you have a Windows 2000 server you may want to set up IAS (part of 2000) and point the PIX to the 2000 server. You can have your administrator control adding and removing users from the VPN groups and control policies via the 2000 server.
