Remote VPN on a PIX501

Its been a while and my experience is with ASA's. It appears they are different than the PIX501 with IOS v.6.3.

How can I specify a local user database for users logging into the remote VPN? There will be only a couple of users, 4 or 5 at the MOST remoting in so I do not want to set up a RADIUS server or anything like that just for this.

I see where to specify the auth server with:

vpngroup GROUP_NAME authentication-server ???? but local does not work here and ? isn't giving me options.

Thanks for any help.


Reply to
Loading thread data ...

formatting link

Reply to
maxim chebanenko

Try this:

access-list clients permit ip

ip local pool dealer mask

aaa-server LOCAL protocol local aaa-server local protocol tacacs+ aaa-server local max-failed-attempts 3 aaa-server local deadtime 10

sysopt connection permit-ipsec

crypto ipsec transform-set strong-des esp-3des esp-sha-hmac crypto map remote-access client authentication LOCAL crypto map remote-access interface outside

isakmp enable outside isakmp identity address isakmp nat-traversal 20 isakmp policy 8 authentication pre-share isakmp policy 8 encryption 3des isakmp policy 8 hash md5 isakmp policy 8 group 2 isakmp policy 8 lifetime 86400

vpngroup extclients address-pool dealer vpngroup extclients dns-server 10.0.0.** vpngroup extclients default-domain domain.local vpngroup extclients split-tunnel clients vpngroup extclients idle-time 1800 vpngroup extclients password blahblahblah

username another password blah privilege 2 username fbloggs password blah privilege 2 username jblow password blah privilege 2


Reply to
Alister Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.