From: KDawg44 on
It's been a while and my experience is with ASAs. It appears they are
different than the PIX501 with IOS v.6.3.

How can I specify a local user database for users logging into the
remote VPN? There will be only a couple of users, 4 or 5 at the MOST
remoting in so I do not want to set up a RADIUS server or anything
like that just for this.

I see where to specify the auth server with:

vpngroup GROUP_NAME authentication-server ???? but local does not
work here and ? isn't giving me options.

Thanks for any help.

Kevin
From: maxim chebanenko on
On 13 Aug, 06:08, KDawg44 <kdaw...(a)gmail.com> wrote:
> It's been a while and my experience is with ASAs.  It appears they are
> different than the PIX501 with IOS v.6.3.
>
> How can I specify a local user database for users logging into the
> remote VPN?  There will be only a couple of users, 4 or 5 at the MOST
> remoting in so I do not want to set up a RADIUS server or anything
> like that just for this.
>
> I see where to specify the auth server with:
>
> vpngroup GROUP_NAME authentication-server ????  but local does not
> work here and ? isn't giving me options.
>
> Thanks for any help.
>
> Kevin

http://www.ciscosystems.com/application/pdf/paws/100936/asa8x-split-tunnel-anyconnect-config.pdf
From: Alister on
On 13/08/2010 01:08, KDawg44 wrote:
> It's been a while and my experience is with ASAs. It appears they are
> different than the PIX501 with IOS v.6.3.
>
> How can I specify a local user database for users logging into the
> remote VPN? There will be only a couple of users, 4 or 5 at the MOST
> remoting in so I do not want to set up a RADIUS server or anything
> like that just for this.
>
> I see where to specify the auth server with:
>
> vpngroup GROUP_NAME authentication-server ???? but local does not
> work here and ? isn't giving me options.
>
> Thanks for any help.
>
> Kevin

Try this:

access-list clients permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0

ip local pool dealer 10.1.1.1-10.1.1.254 mask 255.255.255.0


aaa-server LOCAL protocol local
aaa-server local protocol tacacs+
aaa-server local max-failed-attempts 3
aaa-server local deadtime 10

sysopt connection permit-ipsec

crypto ipsec transform-set strong-des esp-3des esp-sha-hmac
crypto map remote-access client authentication LOCAL
crypto map remote-access interface outside

isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 8 authentication pre-share
isakmp policy 8 encryption 3des
isakmp policy 8 hash md5
isakmp policy 8 group 2
isakmp policy 8 lifetime 86400


vpngroup extclients address-pool dealer
vpngroup extclients dns-server 10.0.0.**
vpngroup extclients default-domain domain.local
vpngroup extclients split-tunnel clients
vpngroup extclients idle-time 1800
vpngroup extclients password blahblahblah

username another password blah privilege 2
username fbloggs password blah privilege 2
username jblow password blah privilege 2

Alister
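
An added example, not part of Alister's reply and not Cisco tooling: a small Python check that the pieces of a config like the one above refer to each other, i.e. the crypto map's client authentication tag is a declared aaa-server, a local tag has at least one username behind it, and each vpngroup points at a defined pool and access-list. The function name audit and the SAMPLE text are constructed for illustration, and names are assumed to match exactly as written.

```python
# Added example: cross-checks the client-authentication and vpngroup
# references in a PIX 6.3 style config. Not from the original thread.
# Constructed sample built from lines in the reply above.
SAMPLE = """\
access-list clients permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
ip local pool dealer 10.1.1.1-10.1.1.254 mask 255.255.255.0
aaa-server LOCAL protocol local
crypto map remote-access client authentication LOCAL
vpngroup extclients address-pool dealer
vpngroup extclients split-tunnel clients
username fbloggs password blah privilege 2
"""

def audit(config):
    """Return a list of findings; an empty list means every reference resolves."""
    aaa, pools, acls, users = {}, set(), set(), set()
    xauth, group_refs = [], []
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["aaa-server"] and len(w) >= 4 and w[2] == "protocol":
            aaa.setdefault(w[1], set()).add(w[3])      # tag -> protocols
        elif w[:3] == ["ip", "local", "pool"] and len(w) >= 4:
            pools.add(w[3])
        elif w[:1] == ["access-list"] and len(w) >= 2:
            acls.add(w[1])
        elif w[:1] == ["username"] and len(w) >= 2:
            users.add(w[1])
        elif w[:2] == ["crypto", "map"] and w[3:5] == ["client", "authentication"] and len(w) >= 6:
            xauth.append(w[5])                         # server tag used for user auth
        elif w[:1] == ["vpngroup"] and len(w) >= 4 and w[2] in ("address-pool", "split-tunnel"):
            group_refs.append((w[1], w[2], w[3]))
    findings = []
    if not xauth:
        findings.append("no 'crypto map ... client authentication' line")
    for tag in xauth:
        protocols = aaa.get(tag, set())
        if not protocols:
            findings.append(f"aaa-server tag {tag} is not declared")
        elif "local" in protocols and not users:
            findings.append(f"client authentication uses local tag {tag} but no username is defined")
    for group, kind, name in group_refs:
        defined = pools if kind == "address-pool" else acls
        if name not in defined:
            findings.append(f"vpngroup {group} {kind} {name} is not defined")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["all references resolve"]:
        print(finding)
```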