"Burrill, Jim" <[EMAIL PROTECTED]> wrote:
> Is it possible to configure a Cisco PIX with separate radius
> definitions and auth against Freeradius using separate secrets so you can
> separate to specific groups?

  That would be up to the PIX.

> We've attempted it and it seems to find the
> first client on the list and ignores the second.  Any ideas?

  Listing two "clients" entries in FreeRADIUS won't work.  A short way
to get around it is to run two radius servers on the same machine, one
on port X (for VPN), and one on port Y (for admin access).  They can
each have different shared secrets for the PIX, and different
databases.

  As of yesterday, the current CVS head supports per-socket lists of
clients.  So you can run one server, have it listen on two ports, and
have different shared secrets for a client on each port.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
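
The single-server setup described in the reply, sketched as an added example that is not part of the original message or of the project's shipped configuration. It assumes the `clients = <list name>` option of a `listen` section as found in later released FreeRADIUS versions; the list names, client names, the address 192.0.2.1, port 11812 and the secrets are placeholders.

```conf
# clients.conf (constructed example)
# Two named client lists. Each holds an entry for the SAME PIX address,
# but with a different shared secret. A global lookup by source IP alone
# could only ever return one of them; scoping the list to a socket
# removes the ambiguity.
clients vpn_clients {
	client pix_vpn {
		ipaddr = 192.0.2.1                  # placeholder PIX address
		secret = REPLACE_WITH_VPN_SECRET    # long, random, unique
	}
}

clients admin_clients {
	client pix_admin {
		ipaddr = 192.0.2.1                  # same device, second identity
		secret = REPLACE_WITH_ADMIN_SECRET  # must differ from the VPN one
	}
}

# listen sections (radiusd.conf or the virtual server file)
# Port X: VPN user authentication.
listen {
	type = auth
	ipaddr = *
	port = 1812
	clients = vpn_clients      # only this list is consulted on this socket
}

# Port Y: administrative logins to the PIX itself.
listen {
	type = auth
	ipaddr = *
	port = 11812               # placeholder; any free UDP port
	clients = admin_clients
}
```

The PIX then needs two RADIUS server definitions pointing at the same host, one per port, each with the matching secret; a request that arrives on a port with the other port's secret fails verification instead of falling through to the wrong user database.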