VPN using Kerberos authentication

Discussion in 'Cisco' started by B Squared, Jun 23, 2006.

  1. B Squared

    B Squared Guest

    I'm trying to set up the Cisco VPN on a PIX 515e, running 7.0(4)2 to use
    Kerberos authentication (via our Windows 2000 Server), using the Cisco
    VPN client.

    I got the VPN to work with both the local authentication (the local user
    database on the PIX), and with NT authentication, but what we really
    want is to use Kerberos authentication.

    I set up the VPN using the ASDM VPN Wizard, which seems to work great,
    other than this Kerberos issue, and so I'll only list the parameters
    (and the responses I give) on the Wizard page that deals with AAA.

    Field on the VPN wizard    My response
    -----------------------    -----------
    Server Group Name          MyServerGroup
    Authentication Protocol    Kerberos
    Server IP address          A.B.C.D (IP address of the Windows server we use for authentication)
    Interface                  inside (because our Windows server is on the "inside" network)
    Server Realm Name          OURDOMAIN.NET (where our domain is "OurDomain.net")

    I read the Kerberos Realm is traditionally the uppercase of the Windows
    domain name. The rest of the configuration is not related to just
    Kerberos, but the VPN in general, and seems to work. And I enter that as
    I always do.

    That given, attempting to connect with the Cisco VPN Client fails very
    quickly. So quickly that I don't think the authentication is failing on
    the Windows server, but rather that the PIX is failing to connect to the
    Windows server. The error number on the client is 413, as would be
    expected in this case.

    Thanks in advance for any suggestions.

    B Squared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    "We've got to pause and ask ourselves: How much clean air do we need?"
    --Lee Iacocca, making excuses over Detroit's resistance
    to tougher automobile emission standards, 1974.
     
    B Squared, Jun 23, 2006
    #1