Re: How to get PIX to use IPPools from ACS

networking · ‎08-24-2005

Hi everyone,

This is my first posting on here, so please be gentle!

ACS v3.3

PIX 515E - PIX OS 6.3(5)

We use the ACS to Authenticate & Authorise user connecting in three ways:

1) VPN over the internet to a Concentrator 3000

2) Dialin using PSTN or ISDN to two 3600Series Routers

3) IPSec VPN to a PIX515E

In cases 1 & 2 above, the ACS provides the client with an IP address either from the group pool, or a static (Depending upon the user setup)

However, we cannot figure out how to get the PIX to do this, we've been hunting cisco.com and googleing this problem for about 3 days solid and can find nothing.

I have attached the PIX's config.

Any help would be greatly apreciated.

Many Thanks,

Nick,

Data Networking Team

NHS Wales (UK)

mchin345 · ‎09-01-2005

PIX supports only local ip pool, hence scenario 3 will not work.

http://www.cisco.com/warp/customer/110/B.html

networking · ‎09-04-2005

Ahh, that is bad news..

Is this just with PIX OS 6?

does that same apply to PIX OS 7?

Many thanks for your reply.

Nick

m.mazzone · ‎09-06-2005

Hi Nick

For PIX OS 7 you can use a AAA server to assign addresses for VPN remote access clients.

Search on the cisco.com this manual

Cisco Security Appliance Command Line

Configuration Guide

For the Cisco ASA 5500 Series and Cisco PIX 500 Series

Software Version 7.0

capter 26: Configuring IP Addresses for VPNs

Margherita