Configure PIX with VPN using Individual User Authentication

I've a got a pix 515 setup for vpn client access using group authentication. I have a group name and password defined on the pix. Clients are able to connect just find using the same shared group name and password. However, I've wanted to implement user authentication in addtion to the group authentication. I setup a radius server and have run some radius tests (switched http auth for administering the pix to point to the radius server...and it works fine.) My VPN group is configured as follows:

vpngroup myvpngroup address-pool vpn vpngroup myvpngroup dns-server vpngroup myvpngroup default-domain vpngroup myvpngroup idle-time 60000 vpngroup myvpngroup authentication-server RADIUS vpngroup myvpngroup user-authentication vpngroup myvpngroup password

Most recently I added these lines to try and get it to trigger user auth: vpngroup myvpngroup authentication-server RADIUS vpngroup myvpngroup user-authentication

However, when I launch the vpn client from a windows machine, I never get prompted to put in my individual user auth credentials. It just connects as usual with my vpngroup name/pw compbo.

Is there something else that needs to be done either on the pix side or with the client to get the user auth to trigger?



Reply to
Loading thread data ...

the "user-authentication" part goes in the crypto map. but you 1st must define your radius server, then add it to crypto-map.

example: aaa-server AD-IAS protocol radius aaa-server AD-IAS (inside) host x.x.x.x password timeout 10 crypto map outside_map client authentication AD-IAS crypto map outside_map interface outside

Reply to
uNiXpSyChO Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.