Cisco Support Community
New Member

PIX and Microsoft IAS - RADIUS

Has anyone ever had success setting up authentication with the MS Win2K IAS service for PIX remote access VPN? If so, could you point me to any docs? Thanks. Alex

5 REPLIES
Cisco Employee

Re: PIX and Microsoft IAS - RADIUS

Are you talking about xauth authentication for remote access clients via VPN? If so, there should not be any difference between which vendor's RADIUS server is used unless you are running into an obscure problem.

It will be the same config in the PIX whether it's Cisco Secure ACS or MS IAS. PIX is RADIUS RFC compliant.

This doc should help (the only thing it does not contain is MS IAS profiles - you can get that info. from W2K docs).

http://www.cisco.com/warp/customer/110/pixcryaaa52.shtml

Hope this helps.

New Member

Re: PIX and Microsoft IAS - RADIUS

Thanks. I appreciate it. Though it may sound strange, I cannot find any MS docs. Do you know if anyone has ever done this? Specifically, I need help with IAS profiles.

New Member

Re: PIX and Microsoft IAS - RADIUS

Hi,

This is the link to the document I used: http://www.cisco.com/warp/customer/110/cvpn3k_pix_ias.html

IAS didn't authenticate until I removed all the conditions and used only "Windows-group matches" and pointed it to the relevant global security group. Then I added in other conditions. Hope this helps.

Andrew

New Member

Re: PIX and Microsoft IAS - RADIUS

Hi,

We have IAS working with the VPN concentrator but...

We would like the IAS server to return a group value to the concentrator so a user can be put into a specific group other than a generic one used for remote access. Any info on how to do this would be greatly appreciated.

New Member

Re: PIX and Microsoft IAS - RADIUS

Hello

I do that!

The concentrator authenticates via PAP and sends the parameter OU=groupname; to the RADIUS server.

You must configure a RADIUS policy for any group you have in the concentrator and, when defining the policy, click on Edit Profile and:

1. In the Authentication window, add PAP.

2. In the Advanced window, add a Class attribute; in the Class window, insert the string OU=groupname; (remember that it is case sensitive, and do not forget the semicolon).

Have luck
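
A way to check the Class value configured in the IAS profile as described in the post above, as an added example that is not part of the original thread: it parses a RADIUS Access-Accept (RFC 2865 layout), extracts the Class attribute (type 25) and applies the `OU=groupname;` rule with an exact, case-sensitive match. The group name `Engineering`, the helper names and the sample packets are constructed for illustration.

```python
import struct

ACCESS_ACCEPT = 2   # RFC 2865 packet code
ATTR_CLASS = 25     # RFC 2865 Class attribute type

def build_packet(code, ident, attrs):
    """Build a RADIUS packet for testing (constructed data, zeroed authenticator)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), b"\x00" * 16) + body

def class_values(packet):
    """Return every Class attribute value carried in an Access-Accept."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    values, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        if atype == ATTR_CLASS:
            values.append(packet[pos + 2:pos + alen])
        pos += alen
    return values

def group_from_class(packet, known_groups):
    """Return the group named by an 'OU=groupname;' Class value, else None."""
    for raw in class_values(packet):      # a reply may carry several Class values
        text = raw.decode("ascii", errors="replace")
        if text.startswith("OU=") and text.endswith(";"):
            name = text[3:-1]
            if name in known_groups:      # exact, case-sensitive comparison
                return name
    return None

GROUPS = {"Engineering"}  # hypothetical group name defined on the concentrator
ok = build_packet(ACCESS_ACCEPT, 1, [(ATTR_CLASS, b"OU=Engineering;")])
no_semicolon = build_packet(ACCESS_ACCEPT, 2, [(ATTR_CLASS, b"OU=Engineering")])
wrong_case = build_packet(ACCESS_ACCEPT, 3, [(ATTR_CLASS, b"OU=engineering;")])
```

A `None` result for a reply that should map to a group points at the two mistakes the post warns about: a case mismatch or a missing semicolon.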
