New Member

Pix VPN Client how to authenticate with Active Directory

Hi All, I just set up my first VPN Client on a Cisco PIX device. Everything works great as far as hitting the correct subnets and logging on. However, I would like to see how I can have my remote users log in with their Active Directory accounts. As of right now I'm using the local login for the PIX for testing purposes. This seems easy, but I'm missing something.

We are using :

Cisco Pix-515E version 6.3(3)

Thanks,

Dan

1 ACCEPTED SOLUTION

Cisco Employee

Re: Pix VPN Client how to authenticate with Active Directory

Unfortunately, PIX version 6.3.3 does not support authentication to Active Directory. PIX v6.3.3 only supports authentication to the PIX local database, RADIUS and TACACS servers.

If you would like to authenticate to your Active Directory, it is supported from PIX v7.x onwards.

Here are the different types of authentication supported from PIX v7.x onwards for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/aaa.html

Hope that answers your question.

3 REPLIES

Re: Pix VPN Client how to authenticate with Active Directory

Dan,

If you're not filtering any traffic through the VPN, then the remote computers should be able to authenticate against the directory.

The remote computers should be members of the domain and included in the Active Directory on the main site. Have you verified this?

From the remote client, can you PING the devices on the headend?

If connectivity works, but the problem is that the machines cannot authenticate against AD, make sure the computers are added to the domain correctly and there are no filters in the tunnel.

Federico.

New Member

Re: Pix VPN Client how to authenticate with Active Directory

Hi, the remote computer I'm trying to connect from is not a member of that domain. Basically, what I'm trying to accomplish is that users have their home (personal) computers that are not attached to the domain. What I'm trying to avoid is creating one remote account locally on the PIX for 20 users or creating 20 usernames on the PIX. I thought it would be easier for staff if they could use their Active Directory usernames and passwords.

The Active Directory subnet is allowed in the VPN tunnel and I can ping the AD server when I use any one of the local usernames and passwords on the PIX.

Thanks for your help,

Dan
