VPN using Kerberos authentication

 
 
B Squared
      06-23-2006

I'm trying to set up the Cisco VPN on a PIX 515e, running 7.0(4)2 to use
Kerberos authentication (via our Windows 2000 Server), using the Cisco
VPN client.

I got the VPN to work with both the local authentication (the local user
database on the PIX), and with NT authentication, but what we really
want is to use Kerberos authentication.

I set up the VPN using the ASDM VPN Wizard, which seems to work great,
other than this Kerberos issue, and so I'll only list the parameters
(and the responses I give) on the Wizard page that deals with AAA.

Field on the VPN wizard     My response
-----------------------     -----------
Server Group Name           MyServerGroup
Authentication Protocol     Kerberos
Server IP address           A.B.C.D (IP address of the Windows server we use for authentication)
Interface                   inside (because our Windows server is on the "inside" network)
Server Realm Name           OURDOMAIN.NET (where our domain is "OurDomain.net")

I read the Kerberos Realm is traditionally the uppercase of the Windows
domain name. The rest of the configuration is not related to just
Kerberos, but the VPN in general, and seems to work. And I enter that as
I always do.

That given, attempting to connect with the Cisco VPN Client fails very
quickly. So quickly that I don't think the authentication is failing on
the Windows server, but rather the PIX is failing to connect to the
Windows server. The error number on the client is 413, as would be
expected in this case.

Thanks in advance for any suggestions.

B Squared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~
"We've got to pause and ask ourselves: How much clean air do we need?"
--Lee Iacocca, making excuses over Detroit's resistance
to tougher automobile emission standards, 1974.

 