Pix VPN Client how to authenticate with Active Directory

dan hale

Hi All, I just set up my first VPN Client on a Cisco PIX device. Everything works great as far as hitting the correct subnets and logging on. However, I would like to see how I can have my remote users log in with their Active Directory accounts. As of right now I'm using the local login for the PIX for testing purposes. This seems easy, but I'm missing something.

We are using:

Cisco Pix-515E version 6.3(3)

Thanks,

Dan

Accepted Solutions

Unfortunately, PIX version 6.3.3 does not support authentication to Active Directory. PIX v6.3.3 only supports authentication to the PIX local database, RADIUS and TACACS servers.

If you would like to authenticate to your active directory, it is supported from PIX v7.x onwards.

Here are the different types of authentication supported from PIX v7.x onwards for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/aaa.html

Hope that answers your question.


3 Replies

Dan,

If you're not filtering any traffic through the VPN, then the remote computers should be able to authenticate against the directory.

The remote computers should be members of the domain and included in the Active Directory on the main site. Have you verified this?

From the remote client, can you PING the devices on the headend?

If connectivity works, but the problem is that the machines cannot authenticate against AD, make sure the computers are added to the domain correctly and there are no filters in the tunnel.

Federico.

Hi, the remote computer I'm trying to connect from is not a member of that domain. Basically, what I'm trying to accomplish is users have their home (personal) computers that are not attached to the domain. What I'm trying to avoid is creating one remote account locally on the PIX for 20 users or creating 20 usernames on the PIX. I thought it would be easier for staff if they could use their Active Directory usernames and passwords.

The Active Directory subnet is allowed in the VPN tunnel and I can ping the AD server when I use any one of the local usernames and passwords on the PIX.

Thanks for your help,

Dan
