01-31-2007 12:21 PM
How do I set up a local database on the PIX 515 to allow VPN user access? I am running 7.1(2).4
Also, I've seen a lot of reference to ACS. Is this the best way for users to authenticate when connecting with a Cisco VPN client?
Thanks.
02-01-2007 07:56 AM
username bosch password bosch321 privilege 2
In the tunnel group section for the VPN clients, make sure you have authentication set to LOCAL.
If you have an ACS server, you can just point the ASA to the ACS server. All the user level settings can be done on the ACS.
It's purely a choice of network security and company policy. I would use an ACS server to set up user accounts, rather than using the ASA.
Cheers
Gilbert
02-01-2007 08:07 AM
Thanks Gilbert.
Is there any documentation on how to set up an ACS server and get it working with VPN clients?
Does this tie in with Active Directory?
Thanks,
Scott
02-01-2007 09:19 AM
Quick commands needed for the ASA to set up ACS server authentication:
A. Setting up ACS server
aaa-server SNOW protocol radius
aaa-server SNOW (inside) host 10.10.10.22
key cisco123
B. Setting up the Tunnel-group for ACS server authentication
tunnel-group
authentication-server-group SNOW
The ACS will be able to talk with Active Directory if users are configured on the AD and proper setup on the ACS is done in order to query AD for user authentication requests.
Sorry, I am no expert in AD. :(
Rate it, if this helps.
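A check for the two steps in the post above, as an added example that is not part of the original thread: a Python script that reads a PIX/ASA configuration dump and reports, for each tunnel group, whether its `authentication-server-group` names LOCAL, a defined `aaa-server` group with a host, or an undefined name. The tunnel-group names, the `general-attributes` lines, the sample config and the function name are assumptions constructed for illustration.

```python
# Constructed sample: the aaa-server lines follow the post above; the
# tunnel-group names and general-attributes lines are assumptions.
SAMPLE_CONFIG = """\
aaa-server SNOW protocol radius
aaa-server SNOW (inside) host 10.10.10.22
tunnel-group EXAMPLE-RA general-attributes
 authentication-server-group SNOW
tunnel-group EXAMPLE-LOCAL general-attributes
 authentication-server-group LOCAL
tunnel-group EXAMPLE-TYPO general-attributes
 authentication-server-group SNOWW
"""

def audit_tunnel_auth(config):
    """Map each tunnel-group to (server group, status) from a config dump."""
    protocols, hosts, auth = {}, set(), {}
    current = None  # tunnel-group whose general-attributes block is open
    for line in (l for l in config.splitlines() if l.strip()):
        words = line.split()
        if line[0].isspace():  # sub-command of the block above
            if current and words[0] == "authentication-server-group":
                # Skip an optional "(interface)" token before the group name.
                names = [w for w in words[1:] if not w.startswith("(")]
                if names:
                    auth[current] = names[0]
            continue
        current = None
        if words[0] == "aaa-server" and len(words) >= 4:
            if words[2] == "protocol":
                protocols[words[1]] = words[3]
            elif words[3] == "host":
                hosts.add(words[1])
        elif words[0] == "tunnel-group" and words[2:3] == ["general-attributes"]:
            current = words[1]
    report = {}
    for group, server in auth.items():
        if server == "LOCAL":
            status = "local user database"
        elif server not in protocols:
            status = "undefined server group"
        elif server not in hosts:
            status = "server group has no host"
        else:
            status = protocols[server] + " server group"
        report[group] = (server, status)
    return report

if __name__ == "__main__":
    for name, result in audit_tunnel_auth(SAMPLE_CONFIG).items():
        print(name, result)
```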
02-01-2007 10:07 AM
How do I set up the ACS server? Just download it from this site and install it?
Are there any guides available for installing it? Does it just need to be on a Windows server or on a domain controller?
Thanks.
02-01-2007 10:18 AM