Authentication with Active Directory
06-02-2004 09:43 AM - edited 03-10-2019 07:51 AM
I have a VPN between Cisco VPN clients and a PIX firewall. Is it possible to authenticate against the users in the AD in order to have the same access rights and policies as if they were connected to the LAN?
Labels: AAA
06-02-2004 12:40 PM
Yes you can. You have to configure your firewall to permit all the MS ports from the group of addresses that you will assign to the users. From the point of view of AD, whatever policies you have for the users would apply. Take a look at this MS link:
http://support.microsoft.com/default.aspx?scid=kb;en-us;318750.
The one thing is that if you are not using a RADIUS server, you might have problems with OU memberships, since the VPN will only recognize NT 4 type domains. What this means is that if you are configured as a native 2003 AD, you will not be able to use the VPN directly. You should then use the Windows RADIUS server or Cisco ACS server. Also, all of your accounts have to be stored in AD using reversible encryption, which makes the passwords less secure.
Hope this helps.
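
The reply above notes that accounts stored with reversible encryption have weaker password protection. As an added example (not part of the original thread), this sketch audits a directory export for accounts carrying that per-account flag in `userAccountControl`; the LDIF sample, user names and domain are constructed for illustration.

```python
ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080  # userAccountControl: store password reversibly
ACCOUNTDISABLE = 0x0002              # userAccountControl: account is disabled

# Constructed sample export (hypothetical users and domain), not data from the thread.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=VPN Users,DC=example,DC=local
sAMAccountName: alice
userAccountControl: 66176

dn: CN=Bob Example,OU=Staff,DC=example,DC=local
sAMAccountName: bob
userAccountControl: 66048

dn: CN=Carol Example,OU=VPN Users,DC=example,DC=local
sAMAccountName: carol
userAccountControl: 642
"""

def parse_ldif(text):
    """Yield one dict per LDIF entry ('attr: value' lines, folded lines joined)."""
    entry, last = {}, None
    for line in text.splitlines():
        if not line.strip():          # blank line ends the current entry
            if entry:
                yield entry
            entry, last = {}, None
        elif line.startswith(" ") and last:
            entry[last] += line[1:]   # LDIF continuation of the previous value
        elif ":" in line and not line.startswith("#"):
            last, _, value = line.partition(":")
            entry[last] = value.strip()
    if entry:
        yield entry

def reversible_accounts(ldif_text):
    """Return [(sAMAccountName, enabled)] for accounts with the reversible bit set."""
    hits = []
    for e in parse_ldif(ldif_text):
        uac = e.get("userAccountControl", "")
        if not uac.isdigit():
            continue                  # entry without a usable userAccountControl
        if int(uac) & ENCRYPTED_TEXT_PWD_ALLOWED:
            hits.append((e.get("sAMAccountName", "?"), not int(uac) & ACCOUNTDISABLE))
    return hits

if __name__ == "__main__":
    print(reversible_accounts(SAMPLE_LDIF))
```

The per-account bit is only one place the setting can be enabled; the domain password policy can turn it on as well, and that does not show up in `userAccountControl`.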
