04-03-2002 05:31 AM - edited 02-21-2020 11:40 AM
Q 1.)
I have several clients for which it would be nice if they could use 3DES, although I do not want to have 3DES for the rest of the VPN connections. Is this possible, and in that case how is it possible?
Q 2.)
Is there any possibility to have the Cisco VPN clients managed by Windows 2000 AD?
Q 3.)
Is there a possibility to set usernames and
passwords for the VPN Client users in the PIX?
04-13-2002 05:53 PM
If you are using the Cisco Unity client, on the head end vpn g/w you could set two different groups with different transform sets and corresponding ike policy, one uses 3des, and the other des. The clients are then configured to the appropriate groups they are allowed to connect to.
There is no direct way of managing the vpn client via AD. You could however implement user authentication for the vpn client via radius, and the radius server could then backend to AD for username/pw. That way the AD is looked up for the username/pw challenge to the vpn client.
Username/pw for vpn clients on the PIX could only be set on the radius server and not locally.
06-11-2002 12:53 AM
Well, you can configure your authentication server as a Windows 2000 AD in order to use AD for external authentication. Make sure that you are giving the NetBIOS name of the AD server, not the domain name. Cisco 3005 understands only the server name.