Authentication of users from the remote end of the site-to-site VPN tunnel

r.nair
Level 1

Hi,

We have a site-to-site VPN tunnel created between two sites using two PIXes running version 6.1(1) software.

We want the users from the remote network to be authenticated using RADIUS / TACACS+ server before they can access the network (for any IP traffic, not just http, ftp or telnet).

Any ideas?

3 Replies

lisa.hall
Level 2

http://www.cisco.com/warp/public/110/pixcryaaa52.shtml will show you how to set up xauth.

I was referring to User Authentication in site-to-site VPN scenario and not in Remote Access VPN scenario.

The PIX can only proxy authenticate for HTTP, telnet or ftp. You’ll have to use that (or virtual HTTP) to have your user authenticate against and then, once authenticated, any additional conduits will open for that user. Use aaa authentication inbound/outbound ANY but have the user authenticate against one of the supported authentication protocols.