I've got a bit of a basic question but can't seem to find the answer via Google. Not touched firewalls for years so I'm a bit rusty.
Anyway, I need to replace a VPN 3000 concentrator with 2 ASA 5540s in active/standby configuration. The firewalls will be doing nothing but allowing remote IPsec users and AnyConnect users into the internal network.
Basically the ASAs will sit behind the DMZ (behind Checkpoint firewalls). The Concentrator 3000 at the moment is communicating with Active Directory using Kerberos for authentication.
What I'd like to know is, can I simply do the same with the ASAs? Can I just authenticate users using Kerberos and leave it at that? Or will I need to use LDAP to set up authorisation?
Basically I'm hoping it's going to be as easy as copying the Kerberos info from the concentrator to the ASAs and allowing remote VPN users to get access to everything in the internal network.
As you can see, I'm more or less starting from scratch with firewalls so any help is appreciated. Thanks
However, please kindly advise if you are actually using authorization on the VPN3000 and what authorization you are actually doing. The reason I ask is you might be able to do it differently with ASA configuration.
I've checked the VPN concentrator and it has only been configured with authentication via Kerberos. What I need to configure is a basic setup on the firewalls so that remote users can log in via IPsec (using the VPN client) and Cisco AnyConnect. Can I simply use Kerberos to authenticate via Active Directory and leave it at that? I'm not very familiar with Active Directory and LDAP etc., so I'd rather not implement that if I don't have to.
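For reference, this is what the "Kerberos for authentication only, no separate authorization" setup looks like on an ASA. It is an added example written for this thread, not configuration from the poster or from Cisco; the realm, the KDC address, the interface names, the address pool and the group names are all assumed values, and the IKEv1 crypto policies and AnyConnect image enablement are left out because they are unrelated to the AAA question.

```cisco
! Added example, not from the original thread. Assumed values: realm EXAMPLE.COM,
! domain controller / KDC 10.0.0.10 reachable via "inside", client pool 10.1.1.0/24.
!
! Kerberos requires the ASA clock to be within the KDC's skew tolerance (5 minutes by
! default in AD), so sync time first.
ntp server 10.0.0.10 source inside
!
! AAA server group using Kerberos. This validates the user's password against AD and
! nothing more: Kerberos returns no group membership or per-user attributes, so every
! user that authenticates gets the same group policy unless an authorization source is added.
aaa-server AD-KRB protocol kerberos
aaa-server AD-KRB (inside) host 10.0.0.10
 kerberos-realm EXAMPLE.COM
 server-port 88
 timeout 10
!
! Address pool for remote users.
ip local pool RA-POOL 10.1.1.10-10.1.1.250 mask 255.255.255.0
!
! One group policy for both client types; "tunnelall" means all client traffic goes
! through the VPN, matching the "access to everything internal" intent in the question.
group-policy RA-GP internal
group-policy RA-GP attributes
 vpn-tunnel-protocol ikev1 ssl-client
 split-tunnel-policy tunnelall
 dns-server value 10.0.0.10
 default-domain value example.com
!
! Tunnel group shared by the legacy IPsec (IKEv1) client and AnyConnect. Only
! authentication-server-group is set; there is deliberately no authorization-server-group.
tunnel-group RA-USERS type remote-access
tunnel-group RA-USERS general-attributes
 address-pool RA-POOL
 authentication-server-group AD-KRB
 default-group-policy RA-GP
tunnel-group RA-USERS ipsec-attributes
 ikev1 pre-shared-key <GROUP-PSK-PLACEHOLDER>
tunnel-group RA-USERS webvpn-attributes
 group-alias RA-USERS enable
```

Before cutting over, confirm the ASA can actually reach and use the KDC with `test aaa-server authentication AD-KRB host 10.0.0.10 username <test-user> password <password>` from the ASA CLI, and watch `debug aaa` / `show aaa-server AD-KRB` if it fails (clock skew and a wrong realm spelling are the usual causes). If you later find you do need different access for different AD groups, the ASA supports adding an LDAP server group and binding it with `authorization-server-group` in the same tunnel group, or restricting with a `vpn-filter` ACL on the group policy; the Kerberos piece above stays as it is.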