I have a PIX 515 and I am supporting many users with the VPN Client v4.0.2. I have many different vpngroups configured for various reasons. I would like to utilize AAA for some of the groups but not others. Is this possible?
Yes this is possible. There are several methods of Radius/Tacacs. I use a Cisco ACS server and define my groups in the ACS server with the same as the vpn gorups. Those users on our win2k network are passed from the ACS server to windows Active Directory fjor their authentication. Those users you don't want leave as local users. My suggestion would be to set up one point of administration and that would be the ACS server. There you can define and manage all users both corporate and vendor/remote access.
Yes it is working, however I send everyone desiring VPN Access through the Cisco ACS server and define access resttrictions on the network using Network Access Restriction (NAR) groups defined on the ACS server.
No that is not correct. I simply build the vpn groups based on the acs groups and allow access to devices based on ACS. The people that belong to our enterprise are passed from ACS to Windows ADS with no problem.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...