Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
317
Views
0
Helpful
1
Replies

Securing PIX remote users

boschrexroth
Level 1
Level 1

‎01-03-2008 08:02 AM - edited ‎02-21-2020 01:50 AM

I am running a PIX 515 with IOS 7.1.2

Right now we use the group-authentication to authenticate remote cisco clients when VPNing into our PIX but have no control when a user leaves the company to deny him VPNing in unless we change the group password and then have to change every clients software to reflect the new password.

Can anyone point me to documentation on how to better secure this. We use Windows 2003 AD and I would like a way to configure a AD group that the PIX would look at to verify that it is a legitatimate user connecting.

I thought I also read about setting up a RADIUS server and using that but I have never worked with a RADIUS server. Can I just load one on a Windows 2003 server?

What would I need to do on the PIX side to get this running?

Thanks.

0 Helpful
1 Reply 1

acomiskey
Level 10
Level 10

‎01-03-2008 08:09 AM

Install Microsoft IAS (Internet Authentication Service) on your 2003 server.

http://technet2.microsoft.com/windowsserver/en/library/9a2a064f-a298-4026-8dfd-3d97c183f6761033.mspx?mfr=true

This next doc explains how to set up the pix and the server.

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card