PIX and FreeRADIUS
17 years 5 months ago #22329
by anti-hack
Replied by anti-hack on topic Re: PIX and FreeRADIUS
Sorry for the late response guys, I was away from my place and couldn't access the internet.
Well, Chris, I have not enabled Accounting yet; honestly, I didn't really feel the need. I will do it ultimately, but it's not really on the top of the priority list. Yes, my remote users' VPNs are terminating on the PIX 515E. I have a Cisco ISR, but I am more comfortable on the PIX as far as the VPNs are concerned.
Toddwoo, I will be posting the config for the PIX and the FreeRADIUS shortly; I just got back and haven't got the opportunity yet, but I will definitely share it with you all.
regards,
17 years 4 months ago #22483
by Bikramjit
Replied by Bikramjit on topic Re: PIX and FreeRADIUS
Hey Guys,
Here is the sample config for the VPN client in PIX (6.x) with RADIUS auth:
ASSUMPTIONS:
Internal IP address range: 192.168.200.0/24
IP address pool: 192.168.250.0/24
RADIUS server address: 192.168.200.196
access-list inside_outbound_nat0_acl permit ip 192.168.200.0 255.255.255.0 192.168.250.0 255.255.255.0
access-list splitTunnelAcl permit ip 192.168.200.0 255.255.255.0 192.168.250.0 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
ip local pool staffpool 192.168.250.1-192.168.250.254
aaa-server RADIUS protocol radius
aaa-server MYSERVER protocol radius
aaa-server MYSERVER (inside) host 192.168.200.196 cisco123
timeout 5
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 10 set transform-set myset
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication MYSERVER
crypto map outside_map interface outside
vpngroup vpnstaff address-pool staffpool
vpngroup vpnstaff split-tunnel splitTunnelAcl
vpngroup vpnstaff idle-time 1800
vpngroup vpnstaff password cisco123
Hope this helps!!
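The config above wires several objects together by name (the nat 0 ACL, the split-tunnel ACL, the address pool, the aaa-server group, the transform set and the dynamic map), and a typo in any one of those names silently breaks the VPN. As an added example that is not part of the post, here is a small Python cross-reference checker for this PIX 6.x fragment; the sample config is constructed from the post, keeping its duplicated "permit permit" line and with the pool name deliberately misspelled so the checker has something to report.

```python
import re

# Constructed sample based on the posted PIX 6.x fragment. The "permit permit"
# line and the misspelled pool name "staffpol" are deliberate defects.
SAMPLE_CONFIG = """\
access-list inside_outbound_nat0_acl permit permit ip 192.168.200.0 255.255.255.0 192.168.250.0 255.255.255.0
access-list splitTunnelAcl permit ip 192.168.200.0 255.255.255.0 192.168.250.0 255.255.255.0
nat (inside) 0 access-list inside_outbound_nat0_acl
ip local pool staffpool 192.168.250.1-192.168.250.254
aaa-server MYSERVER protocol radius
aaa-server MYSERVER (inside) host 192.168.200.196 cisco123
crypto dynamic-map outside_dyn_map 10 set transform-set myset
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication MYSERVER
vpngroup vpnstaff address-pool staffpol
vpngroup vpnstaff split-tunnel splitTunnelAcl
"""
# Lines that define a named object: (regex capturing the name, object kind)
DEFINITIONS = [
    (r"^access-list (\S+) ", "acl"),
    (r"^ip local pool (\S+) ", "pool"),
    (r"^aaa-server (\S+) protocol ", "aaa"),
    (r"^crypto dynamic-map (\S+) \d+ ", "dynmap"),
]
# Lines that reference a named object defined elsewhere
REFERENCES = [
    (r"^nat \(\S+\) 0 access-list (\S+)", "acl"),
    (r"^vpngroup \S+ split-tunnel (\S+)", "acl"),
    (r"^vpngroup \S+ address-pool (\S+)", "pool"),
    (r"^crypto map \S+ client authentication (\S+)", "aaa"),
    (r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)", "dynmap"),
]

def check_pix_config(text):
    # Returns a list of problem strings: malformed ACL lines first, then
    # references to objects that are never defined.
    defined, problems = set(), []
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for line in lines:
        for pat, kind in DEFINITIONS:
            m = re.match(pat, line)
            if m:
                defined.add((kind, m.group(1)))
        if re.match(r"^access-list \S+ (permit|deny) (permit|deny) ", line):
            problems.append(f"duplicated action keyword: {line}")
    for line in lines:
        for pat, kind in REFERENCES:
            m = re.match(pat, line)
            if m and (kind, m.group(1)) not in defined:
                problems.append(f"{kind} '{m.group(1)}' referenced but never defined: {line}")
    return problems
```

Running `check_pix_config(SAMPLE_CONFIG)` reports the duplicated keyword on the nat 0 ACL and the dangling address-pool reference; a clean config returns an empty list.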