We help IT Professionals succeed at work.

Cisco Pix VPN Windows 2003 domain integration

jt003649
jt003649 asked
on
23,015 Views
Last Modified: 2013-11-16
Hi All,

We have a windows 2003 domain and are planning to install a Cisco Pix 515 firewall. I've already configured a few Pix firewalls for Pix to Pix tunnels, and basic client VPN sessions using pptp and a username and password contained in the pix's configuration. What we would like to do with the Cisco Pix 515 at this particulat site is allow users to connect to the network via a VPN connection, using their Active Directory username and password. How can we achieve this? Would we need to purchase any additional software or hardware.

Cheers.
Comment
Watch Question

CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks for the answer Tim. Looks like the VPN 3005 is the way forward.

Would it also be possible to use an Microsoft IAS server, integrated into AD, as a Radius server to authenticate using AD accounts?
CERTIFIED EXPERT

Commented:
You can use Microsoft RAS as a VPN Server, and use the MS VPN client (PPTP / IPSEC), but this is software based and you really need VPN accelerator hardware in order to use a reasonable amount of VPN clients.

Commented:
You can also use the Cisco VPN client and the Radius server on Windows 2000/2003 Internet Authentication Services (IAS) to authenticate users using AD.  I just set this up the other day with a 515 (6.3) and a 2003 domain using the very detailed instructions from Cisco:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

Commented:
tim holman is right, but missing a feature of the PIX.  Setup the "Internet Authentication Service" on windows, aka RADIUS, and configure the pix as per dpc453's note.

We've got a pix 515 authenticating against a windows active directory domain quite happily.
CERTIFIED EXPERT

Commented:
Good point !
PIX will happily do RADIUS / TACACS+ natively.... :)
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.