Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2530
Views
0
Helpful
3
Replies

PIX to VPN client Local Authentication

Go to solution
chan-kuen.hui
Level 1
Level 1

‎05-06-2003 07:48 PM - edited ‎02-21-2020 10:06 AM

Hi,

I am using VPN client 3.x connect to PIX 515 using IPSec. I would like to use PIX local authentication for VPN Client. But I cannot use the command "vpngroup group1 authentication-server LOCAL". Is there any way to use LOCAL authentication for VPN client on PIX.

Thanks.

Regards,

Doug

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ovt
Level 4
Level 4
In response to chan-kuen.hui

‎05-07-2003 02:07 AM

Try "crypto map ... client authentication LOCAL" instead.

This command specifies authentication method for XAUTH.

All of the "vpngroup" commands specify different parameters to be pushed

to the software/hardware IPSec clients via ModeCfg. For example,

"vpngroup vpngroup1 authentication-server LOCAL" is for Individual User

Authentication by 3002 hardware client. And, you're right, IUA is not

supported with LOCAL :(

Oleg Tipisov,

REDCENTER,

Moscow

View solution in original post

0 Helpful
3 Replies 3

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎05-06-2003 08:50 PM

Upgrade the PIX to 6.3, then you'll be OK.

0 Helpful

Go to solution
chan-kuen.hui
Level 1
Level 1
In response to gfullage

‎05-07-2003 12:25 AM

I am using ver 6.3(1) now, but I have the following message when I enter the command:

pixfirewall(config)# vpngroup vpngroup1 authentication-server LOCAL

Protocol "local" is not supported for authentication of remote users of a h/w cl

ient

pixfirewall(config)# sh ver

Cisco PIX Firewall Version 6.3(1)

Compiled on Wed 19-Mar-03 11:49 by morlee

pixfirewall up 21 mins 11 secs

Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz

Flash i28F640J5 @ 0x300, 16MB

BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: ethernet0: address is 0004.9ad0.c816, irq 11

1: ethernet1: address is 0004.9ad0.c817, irq 10

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES-AES: Disabled

Maximum Interfaces: 6

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

This PIX has an Unrestricted (UR) license.

Serial Number: 406071101 (0x1834273d)

Running Activation Key: 0xdf6af783 0x27bb9e67 0xcc7c2b21 0xd3e0d226

Configuration last modified by enable_15 at 00:15:53.904 UTC Wed May 7 2003

pixfirewall(config)#

Regards,

Doug

0 Helpful

Go to solution
ovt
Level 4
Level 4
In response to chan-kuen.hui

‎05-07-2003 02:07 AM

Try "crypto map ... client authentication LOCAL" instead.

This command specifies authentication method for XAUTH.

All of the "vpngroup" commands specify different parameters to be pushed

to the software/hardware IPSec clients via ModeCfg. For example,

"vpngroup vpngroup1 authentication-server LOCAL" is for Individual User

Authentication by 3002 hardware client. And, you're right, IUA is not

supported with LOCAL :(

Oleg Tipisov,

REDCENTER,

Moscow

0 Helpful
Customers Also Viewed These Support Documents