09-16-2003 07:05 PM - edited 02-21-2020 12:46 PM
Is there any provision on PIX-515E to hold local user database for authentication like VPN Concentrator 3000 series. If yes, hoow many user account I can have locally with out any external AAA Server. Is it possible PIX to authenticate against Windows NT/Windows 2000 User database directly?
I want to use PIX-515E-UR firewall with 6.3 image for remote access solution. Is it necessary to buy Cisco Secure ACS3.2 for authentication?
Thanks,
Subba Rao
09-17-2003 04:03 PM
You can use the local user database within the PIX with 6.3 code. You would configure the following:
crypto map
username
You can have as many "username" commands as you like, there's no theoretical limit other than the maximum size of the config file is 2Meg.
No, the PIX won't authenticate against AD/NT directly, it'll only do Radius or TACACS external authentication. You don't have to buy ACS though, you can just use the inbuilt Windows Radius server (IAS) with comes free with Win2K Server (I believe), then point the PIX at that and IAS will authenticate users out of your AD/NT tree.
09-17-2003 04:40 PM
Thank you very much.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide