I am running a PIX 515 with IOS 7.1.2.
Right now we use the group-authentication to authenticate remote Cisco clients when VPNing into our PIX, but have no control when a user leaves the company to deny him VPNing in unless we change the group password and then have to change every client's software to reflect the new password.
Can anyone point me to documentation on how to better secure this? We use Windows 2003 AD and I would like a way to configure an AD group that the PIX would look at to verify that it is a legitimate user connecting.
I thought I also read about setting up a RADIUS server and using that but I have never worked with a RADIUS server. Can I just load one on a Windows 2003 server?
What would I need to do on the PIX side to get this running?