PIX 501 newbie aaa servers for pix

Discussion in 'Cisco' started by Greg Gibson, May 6, 2004.

  1. Greg Gibson

    Greg Gibson Guest

    I am reading Cisco Guide to PIX Firewalls and what I get
    from the aaa stuff is that to have the pix (501 in my case)
    authenticate a user before allowing them a session to an
    INTERNAL IP:PORT (like my sql server 1433 on 192.168.0.3)
    I must be running an aaa server for the pix to query
    for authentication information etc.

    Is this true, or will the pix authenticate to a local user
    database? It seems from a previous post that 6.3 will
    authenticate users for VPN connections from a local store?

    Also, it says the pix is compatible with cisco acs, livingston
    and merit. Searches on google seem to suggest that people use
    others. I am looking for a free one, if I need one at all.

    Thanks,
    Greg
     
    Greg Gibson, May 6, 2004
    #1

  2. Greg Gibson

    News Account Guest

    WinRadius is free (runs on Windows) and Cisco has a basic free TACACS
    server.

    I have tested both here with routers - haven't tried either with my PIX.

    Don Woodward


    "Greg Gibson" <> wrote in message
    news:...
    > I am reading Cisco Guide to PIX Firewalls and what I get
    > from the aaa stuff is that to have the pix (501 in my case)
    > authenticate a user before allowing them a session to an
    > INTERNAL IP:PORT (like my sql server 1433 on 192.168.0.3)
    > I must be running an aaa server for the pix to query
    > for authentication information etc.
    >
    > Is this true, or will the pix authenticate to a local user
    > database? It seems from a previous post that 6.3 will
    > authenticate users for VPN connections from a local store?
    >
    > Also, it says the pix is compatible with cisco acs, livingston
    > and merit. Searches on google seem to suggest that people use
    > others. I am looking for a free one, if I need one at all.
    >
    > Thanks,
    > Greg
     
    News Account, May 6, 2004
    #2

  3. Greg Gibson

    Rik Bain Guest

    On Wed, 05 May 2004 18:08:12 -0500, Greg Gibson wrote:

    > I am reading Cisco Guide to PIX Firewalls and what I get from the aaa
    > stuff is that to have the pix (501 in my case) authenticate a user
    > before allowing them a session to an INTERNAL IP:PORT (like my sql
    > server 1433 on 192.168.0.3) I must be running an aaa server for the pix
    > to query for authentication information etc.
    >
    > Is this true, or will the pix authenticate to a local user database? It
    > seems from a previous post that 6.3 will authenticate users for VPN
    > connections from a local store?
    >
    > Also, it says the pix is compatible with cisco acs, livingston and
    > merit. Searches on google seem to suggest that people use others. I am
    > looking for a free one, if I need one at all.
    >
    > Thanks,
    > Greg


    You can use the LOCAL server tag for authentication traffic through the
    pix. This was introduced in 6.2. 6.3 added the ability to use LOCAL for
    vpn xauth.

    Rik Bain
     
    Rik Bain, May 6, 2004
    #3
  4. If you are using Windows 2000 or Windows 2003 in your network, you can
    use the IAS (Internet Authentication Server) Radius (a Windows
    component).

    Rgds,
    Adrian Grigorof
    http://www.eventid.net/firegen/firegenpix2.asp

    (Greg Gibson) wrote in message news:<>...
    > I am reading Cisco Guide to PIX Firewalls and what I get
    > from the aaa stuff is that to have the pix (501 in my case)
    > authenticate a user before allowing them a session to an
    > INTERNAL IP:PORT (like my sql server 1433 on 192.168.0.3)
    > I must be running an aaa server for the pix to query
    > for authentication information etc.
    >
    > Is this true, or will the pix authenticate to a local user
    > database? It seems from a previous post that 6.3 will
    > authenticate users for VPN connections from a local store?
    >
    > Also, it says the pix is compatible with cisco acs, livingston
    > and merit. Searches on google seem to suggest that people use
    > others. I am looking for a free one, if I need one at all.
    >
    > Thanks,
    > Greg
     
    Adrian Grigorof, May 9, 2004
    #4