VPN client authentication

Unanswered Question
Jan 31st, 2007

How do I set up a local database on the PIX 515 to allow VPN user access? I am running 7.1(2).4.

Also, I've seen a lot of references to ACS. Is this the best way for users to authenticate when connecting with a Cisco VPN client?


ggilbert Thu, 02/01/2007 - 07:56

username bosch password bosch321 privilege 2

In the tunnel group section for the VPN clients, make sure you have authentication set to LOCAL.

If you have an ACS server, you can just point the ASA to the ACS server. All the user level settings can be done on the ACS.

It's purely a choice of network security and company policy. I would use an ACS server to set up user accounts, rather than using the ASA.



boschrexroth Thu, 02/01/2007 - 08:07

Thanks Gilbert.

Is there any documentation on how to set up an ACS server and get it working with VPN clients?

Does this tie in with Active Directory?



ggilbert Thu, 02/01/2007 - 09:19

Quick commands needed for the ASA to set up ACS server authentication:

A. Setting up ACS server

aaa-server SNOW protocol radius

aaa-server SNOW (inside) host

key cisco123

B. Setting up the Tunnel-group for ACS server authentication

tunnel-group ipsec-attributes

authentication-server-group SNOW

The ACS will be able to talk with Active Directory if users are configured on the AD and proper setup on the ACS is done in order to query AD for user authentication requests.

Sorry, I am no expert in AD. :(

Rate it, if this helps.
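
An offline check of the configuration pieces discussed above, as an added example that is not part of the thread or any Cisco tooling: it reads an ASA-style config and reports, for each tunnel-group, whether it authenticates against LOCAL or an aaa-server group, and whether that group is defined and has a host. The sample config (group names other than SNOW, the address, the key placeholder) is constructed, the function name is hypothetical, and treating a group with no authentication-server-group line as LOCAL is an assumption about the default.

```python
import re

# Constructed sample; group names, address and key are placeholders.
SAMPLE_CONFIG = """\
aaa-server SNOW protocol radius
aaa-server SNOW (inside) host 192.0.2.10
 key <shared-secret>
aaa-server EMPTY protocol radius
tunnel-group VPNCLIENTS general-attributes
 authentication-server-group SNOW
tunnel-group CONTRACTORS general-attributes
 authentication-server-group EMPTY LOCAL
tunnel-group LEGACY general-attributes
 address-pool POOL1
tunnel-group TYPO general-attributes
 authentication-server-group SN0W
"""

def audit_vpn_auth(config):
    """Map each tunnel-group to (authentication sources, findings)."""
    declared, with_host, groups, current = set(), set(), {}, None
    for line in config.splitlines():
        if m := re.match(r"aaa-server (\S+) protocol \S+", line):
            declared.add(m.group(1))
        elif m := re.match(r"aaa-server (\S+) \(\S+\) host \S+", line):
            with_host.add(m.group(1))
        if m := re.match(r"tunnel-group (\S+) \S+-attributes", line):
            current = m.group(1)          # entering a tunnel-group sub-mode
            groups.setdefault(current, None)
        elif m := re.match(r"\s+authentication-server-group (.+)", line):
            if current:
                groups[current] = m.group(1).split()
        elif not line.startswith(" "):
            current = None                # another top-level command ends the sub-mode
    report = {}
    for name, sources in groups.items():
        # Assumption: with no directive the group uses LOCAL, the default.
        sources = [s for s in (sources or ["LOCAL"]) if not s.startswith("(")]
        findings = []
        for s in sources:
            if s != "LOCAL" and s not in declared:
                findings.append(f"server group {s} is not defined")
            elif s != "LOCAL" and s not in with_host:
                findings.append(f"server group {s} has no host configured")
        if sources == ["LOCAL"]:
            findings.append("local user database only")
        report[name] = (sources, findings)
    return report

if __name__ == "__main__":
    for name, (sources, findings) in audit_vpn_auth(SAMPLE_CONFIG).items():
        print(name, sources, findings or "ok")
```

A host line with no address after `host` is reported as "no host configured", so an incomplete aaa-server entry shows up before users try to connect.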

boschrexroth Thu, 02/01/2007 - 10:07

How do I set up the ACS server? Just download it from this site and install it?

Are there any guides available for installation? Does it just need to be on a Windows server or on a domain controller?


