Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1373
Views
0
Helpful
5
Replies

PIX and Microsoft IAS -R ADIUS

exigent
Level 1
Level 1

‎01-18-2002 05:31 AM - edited ‎02-20-2020 09:57 PM

Has anyone ever had success setting up authentication with the MS Win2K IAS service for PIX remote access VPN? If so, could you point me to any docs? Thanks. Alex

0 Helpful
5 Replies 5

vijkrish
Cisco Employee
Cisco Employee

‎01-24-2002 01:30 PM

Are you talking about xauth authentication for remote access clients via VPN ? If so there should not be any difference between which vendors radius server is used unless you are running into an obscure problem.

It will be the same config in the PIX whether it's Cisco Secure ACS or MS IAS. PIX is RADIUS RFC compliant.

This doc should help (the only thing it does not contain is MS IAS profiles - you can get that info. from W2K docs).

http://www.cisco.com/warp/customer/110/pixcryaaa52.shtml

hope this helps.

0 Helpful

exigent
Level 1
Level 1
In response to vijkrish

‎01-27-2002 06:51 PM

Thanks..I appreciate it. Though it may sound strange, I cannot find any MS docs. Do you know if anyone has ever done this? Specifically, I need help with IAS profiles.

0 Helpful

a_smurthwaite
Level 1
Level 1
In response to exigent

‎02-13-2002 09:13 AM

Hi,

This is the link to the document I used - http://www.cisco.com/warp/customer/110/cvpn3k_pix_ias.html IAS didn't authenticate until I removed all the conditions and used only "Windows-group matches" and pointed it to the relevant global security group. Then I added in other conditions. Hope this helps.

Andrew

0 Helpful

ishah
Level 1
Level 1
In response to a_smurthwaite

‎03-11-2002 07:10 AM

Hi,

We have IAS working with the VPN concentrator but...

We would like the IAS server to return a group value to the concentrator so a user can be put into a specific group other than a generic one used for remote access. Any info on how to do this would be greatly appreciated.

0 Helpful

alessandro.pelosi
Level 1
Level 1
In response to ishah

‎03-14-2002 01:18 AM

Hello

I do that!

the concentrator authenticates via PAP ad sends the parameter OU=groupname; to the radius server

you must configure a radius policy for any group you have in the concentrator and defining the policy click on edit profile and

1. in the authentication window add PAP

2 in the advaced window add a class attribute, in the class window insert the string OU=groupname; (remember that is case sensitive and not to forget the semicolon)

Have luck

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card