Authentication and group matching in IOS IPSec VPN
We have aquired IPsec VPN SPA modules for future IPsec VPN Client and L2L VPN implementations.
My question is about the authentication of VPN Clients
Is there a way to keep a local database on the actual device and match local usernames to certain VPN Groups? Or will all usernames configured on the local device be able to log on to any of the configured VPN groups if they happen to have the group name and key?
Would we have to use a separate AAA server to accomplish the "user to group" matching or can it be achieved on the actual device itself where the VPN modules are installed?
Any help or reference to some material would be appriciated
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...