Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Radius authentication between W2K and a Pix 515E

I am needing to setup VPN for remote users and would like to use there AD user IDs for authentication. How do I set up the Pix to read ADS for authentication?

2 REPLIES
Community Member

Re: Radius authentication between W2K and a Pix 515E

I believe to do that you need a RADIUS or TACACS+ box for authentication, like Cisco ACS. The PIX firewall can be configured for local or remote authentication. Local you would have to configure your all of users locally on the PIX.

With Cisco ACS you just point the ACS to your WIN2000 AD as an external database. All you need to do is configure the ACS to use your PIX as a NAS (network access server) and add the following to your PIX: ACS is the name of my AAA server

-AAA-

aaa-server ACS protocol tacacs+

aaa-server ACS (inside) host 10.1.1.10 1q2w3e4r5t timeout 10

VPN

crypto map vpnmap client authentication ACS

This will cause all users initiating a remote VPN connection to be prompted for a user name and password which the ACS will forward to your WIN2000 AD database.

Community Member

Re: Radius authentication between W2K and a Pix 515E

Thank you for your help.

Thank You

Craig

151
Views
0
Helpful
2
Replies
CreatePlease to create content