VPN on PIX

kwank · ‎08-30-2001

Hi,

We are planning to get a PIX515R, so we want to know how it works before I ask my boss to put money on it. I have several questions on how PIX works with VPN.

VPN Question

1 How do Cisco VPN clients (moible users) work? If I set up Radius on a W2K server behind PIX, is it possible to get PIX works with W2K server to get Cisco VPN clients authenticate and connect to the internal network? Or clients need to authenticate on PIX first then authenticate again on the W2K server?

2 Is there anything to setup on PIX to get it to work with Cisco VPN client?

Thanks,

Kwank

rrbleeker · ‎08-31-2001

Answers:

1) You can use either RADIUS or TACACS+ for user authentication with PIX VPNs. The user will be challenged for a username/password and the PIX will forward the information to the authentication server.

2) You need to obtain a key that supports DES or 3DES from Cisco and load the key on the PIX. DES is free of charge while 3DES cost some money. For DES see: http://www.cisco.com/kobayashi/sw-center/internet/pix-56bit-license-request.shtml

kwank · ‎09-01-2001

Thanks.

mike.t · ‎09-20-2001

Can you do this setup without RADIUS or TACACS+? Can you just use a list of usernames and passwords?