12-23-2003 10:32 AM - edited 03-10-2019 07:36 AM
I need to set up VPN for remote users and would like to use their AD user IDs for authentication. How do I set up the PIX to read AD for authentication?
12-24-2003 06:14 AM
I believe to do that you need a RADIUS or TACACS+ box for authentication, like Cisco ACS. The PIX firewall can be configured for local or remote authentication. For local, you would have to configure all of your users locally on the PIX.
With Cisco ACS you just point the ACS to your WIN2000 AD as an external database. All you need to do is configure the ACS to use your PIX as a NAS (network access server) and add the following to your PIX (ACS is the name of my AAA server):
-AAA-
aaa-server ACS protocol tacacs+
aaa-server ACS (inside) host 10.1.1.10 1q2w3e4r5t timeout 10
VPN
crypto map vpnmap client authentication ACS
This will cause all users initiating a remote VPN connection to be prompted for a user name and password which the ACS will forward to your WIN2000 AD database.
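The following is an added, fuller PIX 6.x fragment built around the three lines in the reply above; it is not from the original post. It shows where the AAA server group and the XAUTH line sit relative to the remote-access IPsec pieces the reply assumes already exist. The group name ACS, the inside interface and the host 10.1.1.10 are taken from the reply; the interface name outside, the pool, the vpngroup name, the transform set, the dynamic map and both secrets are placeholders chosen for illustration.

```cisco
! AAA server group: PIX 6.x syntax, TACACS+ to Cisco ACS (TCP/49).
! The key must match the one entered on ACS when the PIX is added as a NAS.
aaa-server ACS protocol tacacs+
aaa-server ACS (inside) host 10.1.1.10 <shared-secret> timeout 10
! If ACS is run as a RADIUS server instead, only the protocol line changes:
! aaa-server ACS protocol radius

! Remote-access IPsec skeleton (names below are examples, not from the post).
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
ip local pool vpnpool 192.168.100.1-192.168.100.50
vpngroup remoteusers address-pool vpnpool
vpngroup remoteusers password <group-secret>
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap

! XAUTH: after the group pre-shared key is accepted, prompt each client for
! a username/password and send it to the ACS group defined above.
crypto map vpnmap client authentication ACS
crypto map vpnmap client configuration address respond
crypto map vpnmap interface outside
sysopt connection permit-ipsec
```

Two checks worth making before testing a client: the PIX must be able to reach 10.1.1.10 on TCP/49 from its inside interface (UDP 1645/1812 if you chose RADIUS), and the ACS host itself must be a member of the Windows domain, since ACS validates the forwarded credentials through its Windows external database rather than by talking LDAP to a domain controller.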
12-26-2003 06:35 AM
Thank you for your help.
Thank You
Craig