I've a got a pix 515 setup for vpn client access using group authentication. I have a group name and password defined on the pix. Clients are able to connect just find using the same shared group name and password. However, I've wanted to implement user authentication in addtion to the group authentication. I setup a radius server and have run some radius tests (switched http auth for administering the pix to point to the radius server...and it works fine.) My VPN group is configured as follows:
vpngroup myvpngroup address-pool vpn vpngroup myvpngroup dns-server vpngroup myvpngroup default-domain vpngroup myvpngroup idle-time 60000 vpngroup myvpngroup authentication-server RADIUS vpngroup myvpngroup user-authentication vpngroup myvpngroup password
Most recently I added these lines to try and get it to trigger user auth: vpngroup myvpngroup authentication-server RADIUS vpngroup myvpngroup user-authentication
However, when I launch the vpn client from a windows machine, I never get prompted to put in my individual user auth credentials. It just connects as usual with my vpngroup name/pw compbo.
Is there something else that needs to be done either on the pix side or with the client to get the user auth to trigger?
Thanks,
Jeff