cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
365
Views
0
Helpful
2
Replies

Q1.) 3DES and VPN Clients. Q2.) VPN Clients connect with W2000 AD.

henrik.sandberg
Level 1
Level 1

Q 1.)

I have several clients that I would be nice if

they could use 3DES, although I do not want to

have 3DES for the rest of the VPN connections,

is this possible and in that case how is that

possible?

Q 2.)

It there any possibility to have the the

Cisco VPN clients managed by Windows 2000 AD?

Q 3.)

Is there a possibility to set usernames and

passwords for the VPN Client users in the PIX?

2 Replies 2

cjacinto
Cisco Employee
Cisco Employee

If you are using the Cisco Unity client, on the head end vpn g/w you could set two different group with different transform sets and corresponding ike policy, one uses 3des, and the other des. The clients are then configured to the appropriate groups they are allowed to connect to.

There is no direct way of managing the vpn client via AD. You could however implement user authentication for the vpn client via radius, and the radius server could then backend to AD for username/pw. That way the AD is looked up for the username/pw challenge to the vpn client.

Username/pw for vpn clients on the PIX could only be set on the radius server and not locally.

nsplcisco
Level 1
Level 1

well, you can configure your authentication server as a windows 2000 AD in order to use AD for external authentication. Make sure that you are giving netbios name of AD server not the domain name. Cicso 3005 understand only the server name.