Using ACS and Microsoft IAS for VPN simultaneously

dlitteer · ‎06-26-2007

I'm currently using and older ACS and TACACS+ with a PIX 506E for VPN and have to test RSA SecurID which uses RADIUS IAS. I would like to use both at the same time; the ACS for current VPN and the IAS just to test a single RSA device, but don't know how to configure the PIX?

Premdeep Banga · ‎06-26-2007

Hi,

Can you please elaborate on the issue?

What exactly do we need,

i.e, what kind of traffic do we need to authenticate using IAS?

As currently we have ACS authenticating VPN users.

Or do we need IAS as a secondary server after IAS?

Regards,

Prem

Premdeep Banga · ‎06-26-2007

correction

Or do we need IAS as a secondary server after IAS?

*Or do we need IAS as a secondary server after ACS?

lmslattery · ‎06-26-2007

Hi

I would recommend defining your IAS server as a RADIUS server in your Pix config and then creating a second VPN Group to test with that authenticates via RADIUS.

Leon

dlitteer · ‎06-26-2007

That's what I was hoping to hear. I've already started to configure the IAS server as RADIUS and was going to add the appropriate "aaa-server partneruauth..." commands on the PIX. I just wasn't sure about the second vpngroup.

lmslattery · ‎06-26-2007

Basically , set it up exactly the same as your existing group except use a different name and you should be right.

You would then just need to configure a VPN client fo ryour new group to test with.

dlitteer · ‎06-27-2007

Thanks again. Can I use the same address pool between the two groups, or do I need to create a new ip pool?