Setting up remote access VPN authentication on 501

Unanswered Question
Jun 9th, 2009

I want to set up a 501 PIX so remote users cannot connect to it using the Cisco VPN client; however, I do not have a RADIUS or TACACS server. How do I set up the PIX so that I can define local accounts the users can connect with, and is it possible for the PIX to forward to an Active Directory for authentication if I didn't go with local auth? If it can't be done with the Cisco VPN client, can either type of authentication (local or AD) be done using PPTP on a Windows machine so that they didn't need to load the VPN client?


Lastly, can site-to-site VPN tunnels be implemented on the same PIX if it's also serving remote access tunnels? I've heard the limit is 10 on the PIX, but I don't know if that's a total for both remote access and site-to-site. Anyone know this?

dhananjoy chowdhury Mon, 06/15/2009 - 14:12

Here are answers to some of your queries.


set up the pix so that I can define local accounts the users can connect with

>> Yes, this is possible; check this link for such a config

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml



PIX with Active directory authentication

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml


L2TP to PIX/ASA with local authentication

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080093f89.shtml


can site to site VPN tunnels be implemented on the same PIX if it's also serving remote access tunnels

>> YES, something like this

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080912cfd.shtml
