I have just upgraded to PIX 7.0. The PIX is the VPN head-end to clients using the Cisco VPN client. Currently the users authenticate against a TACACS box, but I have heard that with version 7.0 authentication can be done directly against Microsoft Active Directory. Can anybody give me some advice on how to configure this?
The Cisco ASA command configuration guide states that support for an LDAP server is only for authorisation and not authentication, meaning that authentication has to be done first and somewhere else. If you want to authenticate your users against AD then the easiest way to do it is by:
1.- Install IAS and make it a member of the domain. Refer to Microsoft documentation for setting this up; it is very straightforward.
2.- Use the ASA/PIX as a RADIUS client of the IAS box.
3.- On the VPN group, point the authentication to AAA where your IAS is the RADIUS server.
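Steps 2 and 3 above as an added ASA/PIX 7.x configuration example (not from the original reply or from Cisco documentation). The server group name, tunnel-group name, interface name, the IAS address 192.0.2.10 and the shared-secret placeholder are assumptions; the tunnel-group type `ipsec-ra` is the 7.0 keyword for the Cisco VPN client (later releases call it `remote-access`).

```cisco
! --- Step 2: define IAS as a RADIUS server group and add the host ---
! Group name "IAS-RADIUS" and host 192.0.2.10 are assumed values.
aaa-server IAS-RADIUS protocol radius
aaa-server IAS-RADIUS (inside) host 192.0.2.10
 key REPLACE-WITH-SHARED-SECRET
 authentication-port 1812
 accounting-port 1813
 timeout 5
 retry-interval 3

! --- Step 3: make the VPN group authenticate through that server group ---
! Tunnel-group name "VPNUSERS" is assumed; on 7.0 the type keyword is ipsec-ra.
tunnel-group VPNUSERS type ipsec-ra
tunnel-group VPNUSERS general-attributes
 authentication-server-group IAS-RADIUS
tunnel-group VPNUSERS ipsec-attributes
 pre-shared-key REPLACE-WITH-GROUP-PSK

! --- Check: query the RADIUS server without a client connection ---
! Verifies the shared secret and that IAS accepts the domain account.
test aaa-server authentication IAS-RADIUS host 192.0.2.10 username jdoe password REPLACE-WITH-PASSWORD
```

The `test aaa-server` command is the quickest way to confirm that the shared secret matches and that the IAS remote access policy allows the domain user before you involve a client; a failure here points at IAS or the secret rather than at the VPN client configuration.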