05-05-2010 03:51 PM
Hi All, I just set up my first VPN Client on a Cisco PIX device. Everything works great as far as hitting the correct subnets and logging on. However, I would like to see how I can have my remote users log in with their Active Directory accounts. As of right now I'm using the local login for the PIX for testing purposes. This seems easy, but I'm missing something.
We are using:
Cisco Pix-515E version 6.3(3)
Thanks,
Dan
05-05-2010 03:55 PM
Dan,
If you're not filtering any traffic through the VPN, then the remote computers should be able to authenticate against the directory.
The remote computers should be members of the domain and included in the Active Directory on the main site. Have you verified this?
From the remote client, can you PING the devices on the headend?
If connectivity works, but the problem is that the machines cannot authenticate against AD, make sure the computers are added to the domain correctly and there are no filters in the tunnel.
Federico.
05-05-2010 04:20 PM
Hi, the remote computer I'm trying to connect from is not a member of that domain. Basically, what I'm trying to accomplish is that users have their home (personal) computers that are not attached to the domain. What I'm trying to avoid is creating one remote account locally on the PIX for 20 users or creating 20 usernames on the PIX. I thought it would be easier for staff if they could use their Active Directory usernames and passwords.
The Active Directory subnet is allowed in the VPN tunnel and I can ping the AD server when I use any one of the local usernames and passwords on the PIX.
Thanks for your help,
Dan
05-05-2010 04:37 PM
Unfortunately, PIX version 6.3.3 does not support authentication to Active Directory. PIX v6.3.3 only supports authentication to the PIX local database, RADIUS and TACACS server.
If you would like to authenticate to your active directory, it is supported from PIX v7.x onwards.
Here are the different types of authentication supported from PIX v7.x onwards for your reference:
http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/aaa.html
Hope that answers your question.