pix vpn radius authentication question

 
 
John Smith
      12-01-2004
according to cisco:
"Pix Firewall does not directly support WindowsNT/2000 domain
authentication. To use Windows NT/2000 domain authentication with the PIX,
use a RADIUS server such as CSACS, and configure the RADIUS server to
authenticate against the NT/2000 directory."
this is for client vpn access, btw.
does this mean if i use MS's radius server (IAS) that I can configure the
PIX to authenticate against it, and then use IAS to authenticate against
active directory? Does anyone have any experience w/ this setup?

also, i am currently using IAS to authenticate wireless users as well
(aironet 1200's), just fyi...

-TIA


 
mcaissie
      12-01-2004
I use PIX + IAS to authenticate Cisco VPN client using their Windows 2000
domain account without problems.

in PIX:
aaa-server partnerauth protocol radius
aaa-server partnerauth (inside) host [IAS IP] [secret] timeout 5

crypto map [cryptoname] client authentication partnerauth

in IAS:
-- add client
------PIX inside IP
------client-vendor = Radius Standard
------secret

--add Remote access policy
----- with conditions NAS IP address matches [ PIX inside IP ]
-----you can add a condition Windows-Group matches ( and create a group in
which you put the users you want to give access)
-----in Profile - Authentication , you need to select only Unencrypted
authentication


User account must also have "Remote Access Permission " - "Allow access"


"John Smith" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> according to cisco:
> "Pix Firewall does not directly support WindowsNT/2000 domain
> authentication. To use Windows NT/2000 domain authentication with the
> PIX, use a RADIUS server such as CSACS, and configure the RADIUS server to
> authenticate against the NT/2000 directory."
> this is for client vpn access, btw.
> does this mean if i use MS's radius server (IAS) that I can configure the
> PIX to authenticate against it, and then use IAS to authenticate against
> active directory? Does anyone have any experience w/ this setup?
>
> also, i am currently using IAS to authenticate wireless users as well
> (aironet 1200's), just fyi...
>
> -TIA
>



 
John Smith
      12-01-2004
damn, one more thing to test/implement heheh...

THANKS!



"mcaissie" <(E-Mail Removed)> wrote in message
news:Cdqrd.251911$9b.119877@edtnps84...
>I use PIX + IAS to authenticate Cisco VPN client using their Windows 2000
>domain account without problems.
>
> in PIX:
> aaa-server partnerauth protocol radius
> aaa-server partnerauth (inside) host [IAS IP] [secret] timeout 5
>
> crypto map [cryptoname] client authentication partnerauth
>
> in IAS:
> -- add client
> ------PIX inside IP
> ------client-vendor = Radius Standard
> ------secret
>
> --add Remote access policy
> ----- with conditions NAS IP address matches [ PIX inside IP ]
> -----you can add a condition Windows-Group matches ( and create a group in
> which you put the users you want to give access)
> -----in Profile - Authentication , you need to select only Unencrypted
> authentication
>
>
> User account must also have "Remote Access Permission " - "Allow access"
>
>
> "John Smith" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> according to cisco:
>> "Pix Firewall does not directly support WindowsNT/2000 domain
>> authentication. To use Windows NT/2000 domain authentication with the
>> PIX, use a RADIUS server such as CSACS, and configure the RADIUS server
>> to authenticate against the NT/2000 directory."
>> this is for client vpn access, btw.
>> does this mean if i use MS's radius server (IAS) that I can configure the
>> PIX to authenticate against it, and then use IAS to authenticate against
>> active directory? Does anyone have any experience w/ this setup?
>>
>> also, i am currently using IAS to authenticate wireless users as well
>> (aironet 1200's), just fyi...
>>
>> -TIA
>>

>
>



 