Cisco Support Community
Community Member

PIX 515-R and Microsoft IAS (but not necessarily)

We are replacing our current Guardian firewalls with Cisco PIX firewalls and I am having a hard time coming up with a strategy that works for us.

What we do currently is define access by machine name. This way, a PC can be allocated a dynamic address yet still get the proper access. If necessary, this would be my fallback method of working.

We would like to move to a system where access to the internet is controlled according to the username as logged into Active Directory. The admins can get lots of access regardless of which terminal they are on, but the 'data monkeys' can be more controlled.

I have looked at IAS for a solution but it is very much geared to providing access to the network by remote users - we need to do it the other way round.

We also need to control access on numerous protocols; I am not just talking web access. I might want to let some people watch streamed cricket or play Half-Life but not everybody.

Inbound access is only going to be to specific machines with static addresses and is not too complicated. It would be nice to have "groups" of access rather than specify individual protocols for each user or machine but that may not be possible.

Any help, pointers, books will be great as I am swimming out of my depth on this one.


- Rob

Community Member

Re: PIX 515-R and Microsoft IAS (but not necessarily)

Looks like you need to do RADIUS authentication from the PIX for the outbound connections. You can pick whatever RADIUS server you like, although CiscoSecure ACS NT and Microsoft IAS work well. Either will allow you to leverage your existing NT user base. You will have the flexibility to group your users and even provide access restrictions by applying per-user ACLs from the RADIUS server.

Look at the Security Tech Tips on CCO for more information on configuring the PIX for this authentication.

Community Member

Re: PIX 515-R and Microsoft IAS (but not necessarily)

You need to use Cisco Secure ACS and configure Authentication and Authorization on the PIX.

Community Member

Re: PIX 515-R and Microsoft IAS (but not necessarily)

Is that available for less than £4000?
