Hello,
This is what I would like to do:
I have two vpngroups (A and B) created on the PIX. I want the A group to authenticate via Radius to Server A and the B group to authenticate to Server B (also via Radius)
So it looks like this so far:
aaa-server A protocol radius aaa-server A (inside) host server_A chuck
aaa-server B protocol radius aaa-server B (inside) host server_B berry
-------------------------------------------------------------------------------------
vpngroup A authentication-server A vpngroup A password ********
vpngroup B authentication-server B vpngroup B password ********
-------------------------------------------------------------------------------------
crypto ipsec transform-set myset esp-3des esp-md5-hmac crypto ipsec security-association lifetime kilobytes 100000 crypto dynamic-map dynmap 10 set transform-set myset crypto map mymap 10 ipsec-isakmp dynamic dynmap crypto map mymap client configuration address initiate crypto map mymap client configuration address respond crypto map mymap client authentication A crypto map mymap interface outside
--------------------------------------------------------------------------------------
You can see that I have the crypto map client authentication pointing to A and thats OK and it works fine, but when I go to add B it just takes the place of A, and I cant have both. I tried creating a new crypto may called newmap with all the same things as the original but then I am stuck again becuause I can only apply one map to the outside interface.
Can anyone help??
Thanks,
P.