PIX 501 newbie aaa servers for pix

Discussion in 'Cisco' started by Greg Gibson, May 6, 2004.

  1. Greg Gibson

    Greg Gibson Guest

    I am reading Cisco Guide to PIX Firewalls and what I get
    from the aaa stuff is that to have the pix (501 in my case)
    authenticate a user before allowing them a session to an
    INTERNAL IP:PORT (like my SQL server 1433 on 192.168.0.3)
    I must be running an aaa server for the pix to query
    for authentication information etc.

    Is this true, or will the pix authenticate to a local user
    database? It seems from a previous post that 6.3 will
    authenticate users for VPN connections from a local store?

    Also, it says the pix is compatible with Cisco ACS, Livingston
    and Merit. Searches on Google seem to suggest that people use
    others. I am looking for a free one, if I need one at all.

    Thanks,
    Greg
     
    Greg Gibson, May 6, 2004
    #1

  2. Greg Gibson

    News Account Guest

    WinRadius is free (runs on Windows) and Cisco has a basic free TACACS
    server.

    I have tested both here with routers - haven't tried either with my PIX.

    Don Woodward
     
    News Account, May 6, 2004
    #2

  3. Greg Gibson

    Rik Bain Guest

    You can use the LOCAL server tag for authentication traffic through the
    pix. This was introduced in 6.2. 6.3 added the ability to use LOCAL for
    vpn xauth.

    Rik Bain
     
    Rik Bain, May 6, 2004
    #3
  4. Adrian Grigorof, May 9, 2004
    #4