Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Using ACS and Microsoft IAS for VPN simultaneously

I'm currently using and older ACS and TACACS+ with a PIX 506E for VPN and have to test RSA SecurID which uses RADIUS IAS. I would like to use both at the same time; the ACS for current VPN and the IAS just to test a single RSA device, but don't know how to configure the PIX?

6 REPLIES

Re: Using ACS and Microsoft IAS for VPN simultaneously

Hi,

Can you please elaborate on the issue?

What exactly do we need,

i.e, what kind of traffic do we need to authenticate using IAS?

As currently we have ACS authenticating VPN users.

Or do we need IAS as a secondary server after IAS?

Regards,

Prem

Re: Using ACS and Microsoft IAS for VPN simultaneously

correction

Or do we need IAS as a secondary server after IAS?

*Or do we need IAS as a secondary server after ACS?

New Member

Re: Using ACS and Microsoft IAS for VPN simultaneously

Hi

I would recommend defining your IAS server as a RADIUS server in your Pix config and then creating a second VPN Group to test with that authenticates via RADIUS.

Leon

New Member

Re: Using ACS and Microsoft IAS for VPN simultaneously

That's what I was hoping to hear. I've already started to configure the IAS server as RADIUS and was going to add the appropriate "aaa-server partneruauth..." commands on the PIX. I just wasn't sure about the second vpngroup.

New Member

Re: Using ACS and Microsoft IAS for VPN simultaneously

Basically , set it up exactly the same as your existing group except use a different name and you should be right.

You would then just need to configure a VPN client fo ryour new group to test with.

New Member

Re: Using ACS and Microsoft IAS for VPN simultaneously

Thanks again. Can I use the same address pool between the two groups, or do I need to create a new ip pool?

133
Views
15
Helpful
6
Replies