06-26-2006 09:56 PM
Hello,
Can remote VPN clients be authenticated through Windows Active Directory server on a PIX 515E v6.3.
If so what is the command to do this. If it is not possible on 6.3, is this option available with 7.0?
Kevin.
06-26-2006 10:58 PM
In 6.x you'd have to front-end your AD server with a Radius or TACACS server, as this is all the PIX supports.
Version 7.x introduced native authentication to AD (either NT or LDAP), see here for details:
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/vpngrp.htm#wp1044654
Note that the config will change a lot between v6 and v7, although if you upgrade the conversion will be taken care of for you. Basically you'll end up with a tunnel-group for your remote-access (RA) users, and you configure the authentication group under there as such:
tunnel-group
tunnel-group
authentication-server-group adsvr
tunnel-group
pre-shared key
aaa-server adsvr protocol nt
aaa-server adsvr host 10.1.1.1
nt-auth-domain-controller
See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/cmd_ref/index.htm for the full command reference.
06-27-2006 12:04 AM
Thank you very much gfullage
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: