Right now we use the group-authentication to authenticate remote Cisco clients when VPNing into our PIX but have no control when a user leaves the company to deny him VPNing in unless we change the group password and then have to change every client's software to reflect the new password.
Can anyone point me to documentation on how to better secure this? We use Windows 2003 AD and I would like a way to configure an AD group that the PIX would look at to verify that it is a legitimate user connecting.
I thought I also read about setting up a RADIUS server and using that but I have never worked with a RADIUS server. Can I just load one on a Windows 2003 server?
What would I need to do on the PIX side to get this running?