12-02-2009 05:25 AM
Hi,
Is it possible to have two tier authentication for Remote VPN with CA and a Radius/IAS server? I got a PIX 501 with in which I have the remote VPN configured with pres-shared key. I have tried remote vpn with Certificate authentication alone some months back. But, this time, I need to have CA with Radius/IAS. Any help/howto's is really appreciated.
Thanks,
Ribin
12-02-2009 06:39 AM
yes it is possible - see the below config example:-
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008092d8f1.shtml
The only differenece is instead of using LOCAL authentication in the VPN group - you create a server group and servers, then assign that attribute to the authentication type in the VPN group authentiction.
HTH>
12-02-2009 07:22 AM
This works in PIX 501 ? Thanks for the response
- Ribin
12-02-2009 07:46 AM
You can configure a PIX with ver 6.3 to use Certificates
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/ipsecint.html#wp1036081
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: