05-06-2003 07:48 PM - edited 02-21-2020 10:06 AM
Hi,
I am using VPN client 3.x connect to PIX 515 using IPSec. I would like to use PIX local authentication for VPN Client. But I cannot use the command "vpngroup group1 authentication-server LOCAL". Is there any way to use LOCAL authentication for VPN client on PIX.
Thanks.
Regards,
Doug
Solved! Go to Solution.
05-07-2003 02:07 AM
Try "crypto map ... client authentication LOCAL" instead.
This command specifies authentication method for XAUTH.
All of the "vpngroup" commands specify different parameters to be pushed
to the software/hardware IPSec clients via ModeCfg. For example,
"vpngroup vpngroup1 authentication-server LOCAL" is for Individual User
Authentication by 3002 hardware client. And, you're right, IUA is not
supported with LOCAL :(
Oleg Tipisov,
REDCENTER,
Moscow
05-06-2003 08:50 PM
Upgrade the PIX to 6.3, then you'll be OK.
05-07-2003 12:25 AM
I am using ver 6.3(1) now, but I have the following message when I enter the command:
pixfirewall(config)# vpngroup vpngroup1 authentication-server LOCAL
Protocol "local" is not supported for authentication of remote users of a h/w cl
ient
pixfirewall(config)# sh ver
Cisco PIX Firewall Version 6.3(1)
Compiled on Wed 19-Mar-03 11:49 by morlee
pixfirewall up 21 mins 11 secs
Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is 0004.9ad0.c816, irq 11
1: ethernet1: address is 0004.9ad0.c817, irq 10
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Disabled
Maximum Interfaces: 6
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has an Unrestricted (UR) license.
Serial Number: 406071101 (0x1834273d)
Running Activation Key: 0xdf6af783 0x27bb9e67 0xcc7c2b21 0xd3e0d226
Configuration last modified by enable_15 at 00:15:53.904 UTC Wed May 7 2003
pixfirewall(config)#
Regards,
Doug
05-07-2003 02:07 AM
Try "crypto map ... client authentication LOCAL" instead.
This command specifies authentication method for XAUTH.
All of the "vpngroup" commands specify different parameters to be pushed
to the software/hardware IPSec clients via ModeCfg. For example,
"vpngroup vpngroup1 authentication-server LOCAL" is for Individual User
Authentication by 3002 hardware client. And, you're right, IUA is not
supported with LOCAL :(
Oleg Tipisov,
REDCENTER,
Moscow
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide