How do I add a new user to an existing VPN group using the CLI on a Cisco 506E?

I have an existing VPN group with a few users already added by my predecessor where he used only the CLI.  PIX Device Mgr is not an option as we have an older version with the bug that won't load even though logged in, so this has to be done via the SLI.  I'm more than a little rusty with the Cisco CLI commands so if you could lay them out step by step I'd sure appreciate it.

I have a Cisco 506E running Pix Version 6.3(3).

Many thanks in advance
Who is Participating?
ok u want to create a different vpn group , so try like this

vpngroup <new group name > address-pool ippool
vpngroup <new group name > dns-server
vpngroup <new group name >wins-server
vpngroup <new group name > default-domain CoNamehi
vpngroup <new group name > split-tunnel split
vpngroup <new group name > idle-time 1800
vpngroup <new group name > password <new password >

then create ne users by

username <new-user> password <new_pass> privilege 15
NJJimInHIAuthor Commented:
I forgot to note, though it's probably obvious - we do not have a radius server setup on our Win 2003 server (yet).
can u show the PIX config

or try  the below command

username <new_user_name> password <new_password_>

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

NJJimInHIAuthor Commented:
Thanks, I tried <username <new_user_name> password <new_password_> and then wr mem, but no good.  I also need to add this user to our 1 VPN group, yes?  If so, how would I do that?

just show me ur config
NJJimInHIAuthor Commented:
Ok, here's our config.  What I need to do is create a second VPN group, then create 2 new VPN users and add them both to the new, second VPN group (without, of course, affecting our existing VPN group and the users assigned to it)

Our config, minus pub IPs, co name, and staff names:

PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ZqnocywcywusTIFu encrypted
passwd koWJnwNe97TnFs5c encrypted
hostname CoName1
clock timezone HST -10
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
no names
name PUBLIC IP CoNamestaff4
object-group network CoNamestaff4
  description castle server
  network-object PUBLIC IP
object-group service Alll tcp-udp
  port-object eq pim-auto-rp
  port-object eq echo
  port-object eq discard
  port-object eq kerberos
  port-object eq sunrpc
  port-object eq domain
  port-object eq tacacs
  port-object eq talk
access-list nonat permit ip 255.255.255.
access-list nonat permit ip 255.255.255.
access-list split permit ip 255.255.255.
access-list 101 permit ip

access-list outside_cryptomap_21 permit ip interface inside host PUBLIC IP
access-list outside_cryptomap_41 permit ip interface inside host PUBLIC IP
pager lines 24
logging on
logging buffered debugging
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside OUR VPN PUB IP
ip address inside
ip audit info action alarm
ip audit attack action alarm
ip local pool ippool
pdm location outside
pdm location PUBLIC IP outside
pdm location PDM LOCATION PUB IP #1 outside
pdm location PDM LOCATION PUB IP #2 outside
pdm group CoNamestaff4 outside
pdm logging alerts 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list nonat
nat (inside) 10 0 0
static (inside,outside) netmask 0 0
route outside 1
timeout xlate 24:00:00
timeout conn 24:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 12:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 24:00:00 absolute uauth 24:00:00 inactivity
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
fragment chain 1
sysopt connection tcpmss 1300
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 1 ipsec-isakmp
crypto map mymap 1 match address 101
crypto map mymap 1 set peer PUBLIC IP
crypto map mymap 1 set transform-set myset
crypto map mymap 65535 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication LOCAL
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address PUBLIC IP netmask no-xauth no-conf
isakmp peer ip PUBLIC IP no-xauth no-config-mode
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication rsa-sig
isakmp policy 30 encryption 3des
isakmp policy 30 hash md5
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
isakmp policy 50 authentication pre-share
isakmp policy 50 encryption 3des
isakmp policy 50 hash md5
isakmp policy 50 group 2
isakmp policy 50 lifetime 86400
vpngroup YYYYYY address-pool ippool
vpngroup YYYYYY dns-server
vpngroup YYYYYY wins-server
vpngroup YYYYYY default-domain CoNamehi
vpngroup YYYYYY split-tunnel split
vpngroup YYYYYY idle-time 1800
vpngroup YYYYYY password ********
telnet timeout 5
ssh PDM LOCATION PUB IP #2 outside
ssh timeout 5
management-access inside
console timeout 0
username staff1 password 133aVGxc9fMFodIq encrypted privilege 15
username staff2 password TCiIvK.1pGXBIdyj encrypted privilege 2
username staff3 password px7VhdwDJWQMouTB encrypted privilege 15
username staff4 password uhNWs/HV3GUdCxCj encrypted privilege 2
username staff5 password 4lMuLi3HFTu2yAve encrypted privilege 2
username staff6 password bd5PKYh3LZUQjtcb encrypted privilege 15
username staff7 password q30NoU1q6prsKjjA encrypted privilege 15
username staff8 password CV7OQ9DnCTolX7wf encrypted privilege 15
username staff9 password /ZyxBmPmI3HqWytp encrypted privilege 15
username staff10 password jl6kjaKKWUh7XtNP encrypted privilege 15
username staff11 password nN6KakjfbHLWT3VQ encrypted privilege 15
username staff12 password pEqR6TbYGsFhiFxN encrypted privilege 2
username staff13 password FnJREJql6j5an2L/ encrypted privilege 15
terminal width 80
you have to use the newly created group name and password on the client
NJJimInHIAuthor Commented:
Well done.  Thank you very much.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.