09-16-2003 07:05 PM - edited 02-21-2020 12:46 PM
Is there any provision on the PIX-515E to hold a local user database for authentication, like the VPN Concentrator 3000 series? If yes, how many user accounts can I have locally without any external AAA server? Is it possible for the PIX to authenticate against the Windows NT/Windows 2000 user database directly?
I want to use a PIX-515E-UR firewall with the 6.3 image for a remote access solution. Is it necessary to buy Cisco Secure ACS 3.2 for authentication?
Thanks,
Subba Rao
09-17-2003 04:03 PM
You can use the local user database within the PIX with 6.3 code. You would configure the following:
crypto map
username
You can have as many "username" commands as you like; there's no theoretical limit other than the maximum size of the config file, which is 2Meg.
No, the PIX won't authenticate against AD/NT directly; it'll only do RADIUS or TACACS external authentication. You don't have to buy ACS though; you can just use the inbuilt Windows RADIUS server (IAS), which comes free with Win2K Server (I believe), then point the PIX at that and IAS will authenticate users out of your AD/NT tree.
09-17-2003 04:40 PM
Thank you very much.