Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How do you manage IPsec user account in PIX515?

Hi, Can anyone advise an idea how IPsec accounts in PIX can be managed?

with local database in PIX doesn't have options to set expiry on user id's password. If there is, can you recommend any software and link pls? Regards, DJ


Re: How do you manage IPsec user account in PIX515?

With local user database, as you said, this is not possible. However, any AAA server can be used. Cisco offer ACS Unix (going to be EOL soon) and ACS NT/2K. ACS does a pretty good job. Here is the link:



New Member

Re: How do you manage IPsec user account in PIX515?

With ACS2.4 for NT /2K, I would like to check a couple of things with you.

Is this ACS can only be used for VPN dial-in user via PIX firewall? or can you use it for users on the inside interfcae? When remote user establish VPN Ipsec connection to PIX, ACS that resides on the NT or 2K domain server can authenticate users by controlling dial-in access that is preconfigured in ACS. Do you still require to configure VPN IPsec users through PIX VPN server? or Do I need to add access-list in the ACS server?

In the PIX, I can add TACACS server IP address. Regards, DJ