10-03-2003 09:01 PM - edited 02-21-2020 10:08 AM
This seems like it should be easy but I cannot find a sample config. I have dynamic crypto maps set up for remote client VPN access on a PIX. This is working fine and users can intiate sessions by using the groupname/password. I want to configure xauth (extended authentication) however to force the remote user to have to authenticate with a username/password as well. I do not have an ACS server. I just want to establish a local user database on the PIX itself. So after a create a user with a - username xxx password xxxx. What AAA or crypto map commands do I need to execute to force the dynamic-vpn users to have to authenicate using this local user database? thanks
10-03-2003 10:39 PM
To further complicate this, I thought I found the correct command to force user authentication with the local database with -
crypto map
But after I enter this command, clear all ipsec settings, it still does not prompt me for a username and password. Once it accepts the groupname and password, a connection is immediately established without asking for a username/password.
10-05-2003 09:14 PM
10-06-2003 08:09 AM
If you have a windows 2000 server you may want to setup IAS (Part of 2000) and point the pix to the 2000 server. You can have your administrator control adding and removing users from the VPN groups and control policies via the 2000 server.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: