manuitpro
asked on
Remote Access VPN with Radius
I have cisco pix 515E with v6.3. I want to setp Remote access VPN with Radius authentication. Pix is already configured to access our Mail server and some apllication servers from internet. I want to enable authentication only for VPN tunneled users without effecting the static maping of mail and other application servers. The following is the configuration i prepared for remote access VPN. Can any one help me to add Radius authentication to my configuration and please correct the configuration if any mistakes is there.
access-list vpn permit ip 192.168.1.0 255.255.255.0 192.168.20.0 255.255.255.0
ip local pool vpnpool 192.168.20.1.1-192.168.20. 254
nat (inside) 0 access-list vpn
sysopt connection permit-ipsec
crypto ipsec transform-set esp_aes256_sha esp-aes-256 esp-sha-hmac
crypto dynamic-map dynamic_out 100 set transform-set esp_aes256_sha
crypto map out_map 30 ipsec-isakmp dynamic dynamic_out
crypto map out_map interface outside
isakmp enable outside
isakmp identity address
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption aes-256
isakmp policy 5 hash sha
isakmp policy 5 group 2
isakmp policy 5 lifetime 1800
vpngroup myvpn address-pool vpnpool
vpngroup myvpn dns-server 192.168.1.xx
vpngroup myvpn wins-server 192.168.xx
vpngroup myvpn split-tunnel vpn
vpngroup myvpn idle-time 1200
vpngroup myvpn password xxxxx
Thanks in advance
access-list vpn permit ip 192.168.1.0 255.255.255.0 192.168.20.0 255.255.255.0
ip local pool vpnpool 192.168.20.1.1-192.168.20.
nat (inside) 0 access-list vpn
sysopt connection permit-ipsec
crypto ipsec transform-set esp_aes256_sha esp-aes-256 esp-sha-hmac
crypto dynamic-map dynamic_out 100 set transform-set esp_aes256_sha
crypto map out_map 30 ipsec-isakmp dynamic dynamic_out
crypto map out_map interface outside
isakmp enable outside
isakmp identity address
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption aes-256
isakmp policy 5 hash sha
isakmp policy 5 group 2
isakmp policy 5 lifetime 1800
vpngroup myvpn address-pool vpnpool
vpngroup myvpn dns-server 192.168.1.xx
vpngroup myvpn wins-server 192.168.xx
vpngroup myvpn split-tunnel vpn
vpngroup myvpn idle-time 1200
vpngroup myvpn password xxxxx
Thanks in advance
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.