
PIX & CSACS, authenticate w/ radius then local

ctivig
Level 1

I want to set up a pix firewall to authenticate through RADIUS first then, if RADIUS is unavailable, through LOCAL.

By default, if RADIUS is unavailable it uses the user/pass : pix/enable passwd

I can do this on routers, but I don't know how to do it on pix firewalls.

Pls help.

Thank you.

2 Replies

ehirsel
Level 6

What version of the pix firewall are you running?

Do you have more than one radius server?

Here is a quote from the pix 6.3 (the latest avail. version):

The PIX Firewall permits only one authentication type per network. For example, if one network connects through the PIX Firewall using TACACS+ for authentication, another network connecting through the PIX Firewall can authenticate with RADIUS, but one network cannot authenticate with both TACACS+ and RADIUS.

Since 6.3 is the latest, it may appear that you cannot do on the pix what can be done on an IOS-based router. I would contact Cisco TAC to verify this. Normally the doc is well written and organized, at least from what I have seen on the pix 6.1 and higher code levels, so if using two types of authentication is not listed as an example then it probably can't be done.

Indeed I cannot.

It looks like in 7.0 I will be able to.

Couple of months to go now ...