Remote VPN on a PIX501

- K
- KDawg44
  
  Contact options for registered users
posted
13 years ago

Fri, Aug 13, 2010 12:08 AM

Its been a while and my experience is with ASA's. It appears they are different than the PIX501 with IOS v.6.3.

How can I specify a local user database for users logging into the remote VPN? There will be only a couple of users, 4 or 5 at the MOST remoting in so I do not want to set up a RADIUS server or anything like that just for this.

I see where to specify the auth server with:

vpngroup GROUP_NAME authentication-server ???? but local does not work here and ? isn't giving me options.

Thanks for any help.

Kevin

- M
- maxim chebanenko
  
  Contact options for registered users
Vote on answer
posted
13 years ago

Fri, Aug 13, 2010 5:40 AM

formatting link

- A
- Alister
  
  Contact options for registered users
Vote on answer
posted
13 years ago

Fri, Aug 13, 2010 6:24 PM

Try this:

access-list clients permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0

ip local pool dealer 10.1.1.1-10.1.1.254 mask 255.255.255.0

aaa-server LOCAL protocol local aaa-server local protocol tacacs+ aaa-server local max-failed-attempts 3 aaa-server local deadtime 10

sysopt connection permit-ipsec

crypto ipsec transform-set strong-des esp-3des esp-sha-hmac crypto map remote-access client authentication LOCAL crypto map remote-access interface outside

isakmp enable outside isakmp identity address isakmp nat-traversal 20 isakmp policy 8 authentication pre-share isakmp policy 8 encryption 3des isakmp policy 8 hash md5 isakmp policy 8 group 2 isakmp policy 8 lifetime 86400

vpngroup extclients address-pool dealer vpngroup extclients dns-server 10.0.0.** vpngroup extclients default-domain domain.local vpngroup extclients split-tunnel clients vpngroup extclients idle-time 1800 vpngroup extclients password blahblahblah

username another password blah privilege 2 username fbloggs password blah privilege 2 username jblow password blah privilege 2

Alister