Creating Multiple VPN Endpoints using One PIX firewall

All,

Thank you for the feedback in advance.

I am a bit confused. I configured a PIX 506e firewall for client side VPN access by creating multiple "vpngroups" per client. Then the users use the CVPN client to connect via the vpngroup assigned to them.

Now that the company is growing, I want to create preferably one vpngroup that multiple clients can connect to and use Microsoft IAS to authenticate each user (via AD Domain) to establish the connection.

Questions are:

  1. Can this be done?
  2. Do I have to create a separate vpngroup per client?
  3. If not for #2, then how do I configure this FW to handle multiple vpn sessions, keeping each session separate, using one vpngroup?

Here is a partial config:

aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server ex-auth (inside) protocol radius
aaa-server ex-auth (inside) host AAA.BBB.CCC.PPP test timeout 5

crypto ipsec transform-set exset esp-3des esp-md5-hmac
crypto dynamic-map dyn-ex 10 set transform-set exset
crypto map exmap 10 ipsec-isakmp dynamic dyn-ex
crypto map exmap client authentication ex-auth
crypto map exmap interface outside

isakmp enable outside
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

vpngroup vpnias address-pool ippool
vpngroup vpnias dns-server AAA.BBB.CCC.DDD WWW.XXX.YYY.ZZZ
vpngroup vpnias wins-server AAA.BBB.CCC.DDD
vpngroup vpnias default-domain MYDOMAIN
vpngroup vpnias split-tunnel 102
vpngroup vpnias idle-time 1800
vpngroup vpnias password ************

THANKS!!!

toureg69