PIX 6.2,VPN,AAA

Hi all

My customer uses PIX OS 6.2.2 and I made a Remote to Site VPN configuration. They use the latest VPN client software for dial-up users.

They use Cryptocard Token and I configured HTTP authentication with use of the token. There is no problem regarding this issue, but they also want to give VPN users Terminal Services access to 2 W2K servers.

I know there are only three protocols supported (ftp, telnet, http) in PIX, but my customer wants that VPN clients can't connect to the Terminal Services servers without authentication. Now they can't access the http server without authentication, but after VPN connection dial-up users can connect to those two W2K servers without authentication.

When I use aaa authentication include tcp/0.. all tcp connections require authentication and as a result they can't get mails from the Internet. Also I can't exclude the smtp port for authentication because only those 3 ports can be excluded.

Any suggestion will be appreciated

Thanks in advance

1 REPLY
Anonymous

Re: PIX 6.2,VPN,AAA

If there is really a need to authenticate some kind of unusual service, this can be done by use of the virtual telnet command. This command allows authentication to occur to the virtual Telnet IP address. After this authentication, the traffic for the unusual service can go to the real server.

The URL below gives sample configurations:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800a6913.shtml#virtelnet
