Radius authentication between W2K and a Pix 515E

Dec 23rd, 2003

I need to set up VPN for remote users and would like to use their AD user IDs for authentication. How do I set up the PIX to read ADS for authentication?


I believe to do that you need a RADIUS or TACACS+ box for authentication, like Cisco ACS. The PIX firewall can be configured for local or remote authentication. Locally, you would have to configure all of your users on the PIX.


With Cisco ACS you just point the ACS to your WIN2000 AD as an external database. All you need to do is configure the ACS to use your PIX as a NAS (network access server) and add the following to your PIX (ACS is the name of my AAA server):

-AAA-

aaa-server ACS protocol tacacs+
aaa-server ACS (inside) host 10.1.1.10 1q2w3e4r5t timeout 10

-VPN-

crypto map vpnmap client authentication ACS


This will cause all users initiating a remote VPN connection to be prompted for a user name and password which the ACS will forward to your WIN2000 AD database.
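The question asks for RADIUS rather than TACACS+; the same PIX 6.x configuration with the server group switched to the RADIUS protocol is shown below. This is an added example, not part of the original reply; the group name ACSRAD, the ACS address 10.1.1.10 and the shared secret are placeholders to be replaced with your own values.

```cisco
! Define the AAA server group as RADIUS instead of TACACS+ (name ACSRAD is an assumption)
aaa-server ACSRAD protocol radius
! Host entry: interface, ACS address, shared secret (placeholder), and timeout in seconds
! The secret must match the one entered for this PIX as a NAS in ACS
aaa-server ACSRAD (inside) host 10.1.1.10 <RADIUS-SHARED-SECRET> timeout 10
! Prompt remote VPN clients for credentials and forward them to the RADIUS group
crypto map vpnmap client authentication ACSRAD
```

The shared secret is stored in clear text in the running configuration, so the PIX config should be protected like any other credential store.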

cshreve Fri, 12/26/2003 - 06:35

Thank you for your help.


Thank You

Craig
