Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1386
Views
0
Helpful
2
Replies

Radius authentication between W2K and a Pix 515E

cshreve
Level 1
Level 1

‎12-23-2003 10:32 AM - edited ‎03-10-2019 07:36 AM

I am needing to setup VPN for remote users and would like to use there AD user IDs for authentication. How do I set up the Pix to read ADS for authentication?

Labels:
0 Helpful
2 Replies 2

cgregg
Level 1
Level 1

‎12-24-2003 06:14 AM

I believe to do that you need a RADIUS or TACACS+ box for authentication, like Cisco ACS. The PIX firewall can be configured for local or remote authentication. Local you would have to configure your all of users locally on the PIX.

With Cisco ACS you just point the ACS to your WIN2000 AD as an external database. All you need to do is configure the ACS to use your PIX as a NAS (network access server) and add the following to your PIX: ACS is the name of my AAA server

-AAA-

aaa-server ACS protocol tacacs+

aaa-server ACS (inside) host 10.1.1.10 1q2w3e4r5t timeout 10

VPN

crypto map vpnmap client authentication ACS

This will cause all users initiating a remote VPN connection to be prompted for a user name and password which the ACS will forward to your WIN2000 AD database.

0 Helpful

cshreve
Level 1
Level 1
In response to cgregg

‎12-26-2003 06:35 AM

Thank you for your help.

Thank You

Craig

0 Helpful
Customers Also Viewed These Support Documents