Solved: Re: PIX VPN Authentication

gparrish · ‎07-16-2003

I see options to authenticate VPN users over Radius, Tacacs+, Local or using a VPN Group. Is there anyway to authenticate against a NT Domain, Microsoft Active Directory or Novell eDirectory directory service?

Cant find any details in the config guide.

Thanks,

Greg

mhoda · ‎07-16-2003

Hello Greg,

Thanks for your question. Actually, PIX doesn't have built in API unlike VPN 3K to send authentication request directly to the devices you have mentioned. PIX has the radius/tacacs+ API and thats why its required to use a AAA server that support Radius/Tacacs. Cisco Secure AAA server can be integrated with all the deviecs you have mentioned. You can point your PIX to the Cisco Secure AAA server and it will forward to the request to the database you have mentioned in your post.

I hope this helps. Regards,

Mynul

View solution in original post

mhoda · ‎07-16-2003

Hello Greg,

Thanks for your question. Actually, PIX doesn't have built in API unlike VPN 3K to send authentication request directly to the devices you have mentioned. PIX has the radius/tacacs+ API and thats why its required to use a AAA server that support Radius/Tacacs. Cisco Secure AAA server can be integrated with all the deviecs you have mentioned. You can point your PIX to the Cisco Secure AAA server and it will forward to the request to the database you have mentioned in your post.

I hope this helps. Regards,

Mynul

maha · ‎07-19-2003

Windows 2000 Advanced server has builtin Radius Server (Internet Authentication Server). You can configure this radius server to use the domain database for authentication.

Regards

maha