Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1976
Views
0
Helpful
1
Replies

PIX and ACS and W2K domain?

valwicher
Level 1
Level 1

‎02-13-2002 04:25 AM - edited ‎02-21-2020 09:58 AM

Hi,

We are doing some research for one of our customers.

They would like to give remote users access via a VPN gateway with X.509 certificates (on smartcards) as authentication method.

They recently purchased the Cisco PIX 515 for this.

They are also looking for Single Sign-On. So after authenticating on the PIX the user should be authenticated on a Windows 2000 domain as well, without entering a userid or presenting a certificate again.

What do we need to achieve this? Is the Cisco Secure ACS capable of doing this or can the PIX talk to W2K domains directly? And how does this work? Is there a translation of the DN from the certificate to a known userid in Active Directory? Or will the certificate be forwarded by the PIX to the ACS and directly presented to W2K? And what about NTLM and MS-Kerberos support?

Thanks in advance,

Vincent

Labels:
0 Helpful
1 Reply 1

justler
Level 1
Level 1

‎02-21-2002 12:55 PM

You'll need some kind of Radius or TACACS+ server to send the authentication requests to the Domain... SecureACS can do both of these. Windows 2000 has a built in radius server that you could look at. I don't know enough about security to answer your NTLM and Kerberos question... Secure ACS basically translates your pix authentication requests into NT Domain authentication requests and sends them to the domain controller or the backup domain controller.

0 Helpful
Customers Also Viewed These Support Documents