user/pass accounts for VPN access *not group pass* 1

Status
Not open for further replies.

sicktrick

MIS
Feb 21, 2001
97
US
It was easy to set up a groupname and group password to enable simple VPN access, but is there a way to create accounts in the PIX itself, to have individual accounts so that it's simple to enable and disable access for users?

I thought it was in the LOCAL database, but that only seems to be for access to the PDM or the console, not for VPN access.
 
If you have a RADIUS server (i.e. a W2K server with Active Directory), do a RADIUS check so that when the user comes in with the groupname/password they get a 2nd prompt for their Windows username/password from the server. On the server, enable remote access. The end result is that turning access 'on' or 'off' is controlled via the 'enable' on the dial-in tab for each user. It also eliminates teaching other admins how to use the PIX, since all is controlled via the dial-in tab. You will need to install the Internet Authentication Service on the W2K server.
--
orangehat
 
You can define local users on the PIX for VPN access. I currently don't have the time to do an example, but in short you will set your authentication server defined in your policy to local. Is this IPSEC, PPTP?
 
It's IPSEC, so I guess it is a LOCAL database. I guess I should choose "extended client authentication" (I think that's it) in the PDM VPN wizard.
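
The two approaches from the replies above, sketched as PIX configuration. This is an added example, not part of any post in this thread. It assumes PIX OS 6.3 command syntax; the crypto map name `outside_map`, the group name `vpnusers`, the server tag `vpnauth`, the address 192.168.1.10, the usernames and every password or key shown are constructed placeholders.

```cisco
! Existing setup: one group name and group password shared by every client.
vpngroup vpnusers password GROUP-PASSWORD-PLACEHOLDER

! --- Option A: individual accounts in the PIX LOCAL database ---
! Each user gets a personal login that is prompted for after the group
! credentials (extended client authentication, "xauth").
username alice password ALICE-PASSWORD-PLACEHOLDER privilege 0
username bob password BOB-PASSWORD-PLACEHOLDER privilege 0
crypto map outside_map client authentication LOCAL

! Revoking one person's VPN access without touching the group password:
no username bob

! --- Option B: individual accounts checked against a RADIUS server ---
! Use this INSTEAD of the "client authentication LOCAL" line above.
! 192.168.1.10 stands in for the W2K server running Internet
! Authentication Service; access is then switched per user on the
! dial-in tab of the Windows account.
aaa-server vpnauth protocol radius
aaa-server vpnauth (inside) host 192.168.1.10 RADIUS-KEY-PLACEHOLDER timeout 10
crypto map outside_map client authentication vpnauth
```

With either option the group password alone no longer grants access, so disabling a single account cuts off that user while everyone else keeps working.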
 