Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Clients with PIX 7.0

I have just upgraded to PIX 7.0. The PIX is the VPN head-end to clients using the Cisco VPN client. Currently the users authenticate against a TACACS box but I have heard that with version 7.0 authentication can be done directly against Microsoft Active Directory. Can anybody give me some advice on how to configure this.

Many thanks

4 REPLIES

Re: VPN Clients with PIX 7.0

Hi,

PIX 7.0 support Microsoft Active Directory via its LDAP.

The config guide is available at the following:

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_guide_chapter09186a00804512a5.html#wp1072211

Rgds,

AK

New Member

Re: VPN Clients with PIX 7.0

Hey

Thanks for the reply. Cannot seem to get link to work. It won't accept my login credentials???

G

Re: VPN Clients with PIX 7.0

The Cisco ASA command configuration guide states that support of LDAP server is only for authorisation and not authentication. Meaning that authentication has to be done first and somewhere else. If you want to authenticate your users against AD then the easiest way to do it is by:

1.- Install IAS and make it member of the domain. Refer to Microsoft Documentation for setting this up .. is very straight forward.

2.- Use the ASA/PIX as radius client of the IAS box

on

3.- On the vpn group point the authentication to AAA where your IAS is the radius server

New Member

Re: VPN Clients with PIX 7.0

This feature is supported also with the PIX 6.3 and maybe also previous versions. Is done easy with Internet Authentication Service (IAS) on your windows server and radius.

88
Views
0
Helpful
4
Replies