Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Remote access VPN with PIX-515E-UR

Is there any provision on PIX-515E to hold local user database for authentication like VPN Concentrator 3000 series. If yes, hoow many user account I can have locally with out any external AAA Server. Is it possible PIX to authenticate against Windows NT/Windows 2000 User database directly?

I want to use PIX-515E-UR firewall with 6.3 image for remote access solution. Is it necessary to buy Cisco Secure ACS3.2 for authentication?


Subba Rao

Cisco Employee

Re: Remote access VPN with PIX-515E-UR

You can use the local user database within the PIX with 6.3 code. You would configure the following:

crypto map client authentication LOCAL

username password

You can have as many "username" commands as you like, there's no theoretical limit other than the maximum size of the config file is 2Meg.

No, the PIX won't authenticate against AD/NT directly, it'll only do Radius or TACACS external authentication. You don't have to buy ACS though, you can just use the inbuilt Windows Radius server (IAS) with comes free with Win2K Server (I believe), then point the PIX at that and IAS will authenticate users out of your AD/NT tree.

New Member

Re: Remote access VPN with PIX-515E-UR

Thank you very much.

CreatePlease to create content