04-19-2006 08:12 AM - edited 02-21-2020 02:22 PM
I have just upgraded to PIX 7.0. The PIX is the VPN head-end to clients using the Cisco VPN client. Currently the users authenticate against a TACACS box, but I have heard that with version 7.0 authentication can be done directly against Microsoft Active Directory. Can anybody give me some advice on how to configure this?
Many thanks
04-23-2006 07:26 PM
Hi,
PIX 7.0 supports Microsoft Active Directory via its LDAP.
The config guide is available at the following:
Rgds,
AK
04-24-2006 12:17 AM
Hey
Thanks for the reply. Cannot seem to get link to work. It won't accept my login credentials???
G
04-24-2006 02:27 AM
The Cisco ASA command configuration guide states that support of LDAP server is only for authorisation and not authentication. Meaning that authentication has to be done first and somewhere else. If you want to authenticate your users against AD then the easiest way to do it is by:
1.- Install IAS and make it a member of the domain. Refer to the Microsoft documentation for setting this up; it is very straightforward.
2.- Use the ASA/PIX as a RADIUS client of the IAS box
on
3.- On the VPN group, point the authentication to AAA, where your IAS is the RADIUS server
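
Steps 2 and 3 of the reply above, sketched as a PIX/ASA 7.x configuration fragment. This is an added example, not part of the original post; the server group name `IAS-RADIUS`, the interface name `inside`, the address `192.0.2.10`, the tunnel group `VPN-USERS` and the shared secret are placeholders.

```cisco
! Step 2: define a RADIUS server group and point it at the IAS host.
! The key must match the shared secret set on the RADIUS client entry
! created for the PIX/ASA in IAS.
aaa-server IAS-RADIUS protocol radius
aaa-server IAS-RADIUS (inside) host 192.0.2.10
 key <shared-secret-placeholder>
!
! Step 3: have the remote-access VPN group authenticate through that group.
tunnel-group VPN-USERS type ipsec-ra
tunnel-group VPN-USERS general-attributes
 authentication-server-group IAS-RADIUS
```

On the IAS side, the remote access policy decides which domain users or groups are allowed in, so restrict it to the VPN users' group rather than leaving it open to every domain account.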
04-23-2006 11:18 PM
This feature is also supported with PIX 6.3 and maybe also previous versions. It is easily done with Internet Authentication Service (IAS) on your Windows server and RADIUS.