Using ACS and Microsoft IAS for VPN simultaneously

Unanswered Question
Jun 26th, 2007

I'm currently using and older ACS and TACACS+ with a PIX 506E for VPN and have to test RSA SecurID which uses RADIUS IAS. I would like to use both at the same time; the ACS for current VPN and the IAS just to test a single RSA device, but don't know how to configure the PIX?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Premdeep Banga Tue, 06/26/2007 - 12:32


Can you please elaborate on the issue?

What exactly do we need,

i.e, what kind of traffic do we need to authenticate using IAS?

As currently we have ACS authenticating VPN users.

Or do we need IAS as a secondary server after IAS?



Premdeep Banga Tue, 06/26/2007 - 12:33


Or do we need IAS as a secondary server after IAS?

*Or do we need IAS as a secondary server after ACS?

lmslattery Tue, 06/26/2007 - 12:41


I would recommend defining your IAS server as a RADIUS server in your Pix config and then creating a second VPN Group to test with that authenticates via RADIUS.


dlitteer Tue, 06/26/2007 - 13:19

That's what I was hoping to hear. I've already started to configure the IAS server as RADIUS and was going to add the appropriate "aaa-server partneruauth..." commands on the PIX. I just wasn't sure about the second vpngroup.

lmslattery Tue, 06/26/2007 - 13:56

Basically , set it up exactly the same as your existing group except use a different name and you should be right.

You would then just need to configure a VPN client fo ryour new group to test with.

dlitteer Wed, 06/27/2007 - 12:07

Thanks again. Can I use the same address pool between the two groups, or do I need to create a new ip pool?


This Discussion