Solved

Cisco Pix VPN Windows 2003 domain integration

Posted on 2004-03-24
Last Modified: 2013-11-16
Hi All,

We have a Windows 2003 domain and are planning to install a Cisco Pix 515 firewall. I've already configured a few Pix firewalls for Pix to Pix tunnels, and basic client VPN sessions using PPTP and a username and password contained in the Pix's configuration. What we would like to do with the Cisco Pix 515 at this particular site is allow users to connect to the network via a VPN connection, using their Active Directory username and password. How can we achieve this? Would we need to purchase any additional software or hardware?

Cheers.
0
Question by:jt003649
6 Comments
 
LVL 23

Accepted Solution

by:
Tim Holman earned 200 total points
ID: 10669192
Cisco PIX offers no native support for either NT domain or Active Directory authentication.
Ways round this are to use CiscoSecure ACS as a TACACS server.  This provides the NTLM or AD link, and allows you to authenticate users pretty much any way you please -

CSACS-3.2-WIN-K9      Cisco Secure ACS 3.2 for Windows      $5,995      £4,117 (list price - you should be able to get 40% off this from a good supplier !)

You would need a platform on which to run this.

Alternatively, the VPN 3000 series does offer integrated NTLM / AD authentication.  A basic model such as the VPN 3005 is far cheaper than ACS, and will probably serve your needs better:

CVPN3005-E/FE-BUN      VPN3005:Chassis, 2FE, 200 user, client, SW, US PWR      $2,995      £2,057


0
 

Author Comment

by:jt003649
ID: 10670031
Thanks for the answer Tim. Looks like the VPN 3005 is the way forward.

Would it also be possible to use a Microsoft IAS server, integrated into AD, as a RADIUS server to authenticate using AD accounts?
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10695412
You can use Microsoft RAS as a VPN Server, and use the MS VPN client (PPTP / IPSEC), but this is software based and you really need VPN accelerator hardware in order to use a reasonable amount of VPN clients.
0
 

Expert Comment

by:dpc453
ID: 10784138
You can also use the Cisco VPN client and the Radius server on Windows 2000/2003 Internet Authentication Services (IAS) to authenticate users using AD.  I just set this up the other day with a 515 (6.3) and a 2003 domain using the very detailed instructions from Cisco:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml
0
 
LVL 2

Expert Comment

by:jon47
ID: 10868800
Tim Holman is right, but missing a feature of the PIX.  Set up the "Internet Authentication Service" on Windows, aka RADIUS, and configure the PIX as per dpc453's note.

We've got a PIX 515 authenticating against a Windows Active Directory domain quite happily.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10869947
Good point !
PIX will happily do RADIUS / TACACS+ natively.... :)
0
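
The PIX-side setup that dpc453 and jon47 describe, sketched as an added example for PIX OS 6.3 (not taken from the thread or copied from Cisco's document): an `aaa-server` group points at the IAS host, and `crypto map ... client authentication` makes the Cisco VPN client prompt each user for AD credentials. The names `AD-RADIUS`, `vpnpool`, `vpnset`, `dynmap`, `vpnmap` and `vpnusers`, every address, the domain name and the bracketed secrets are placeholders.

```cisco
: Added example; names, addresses and <secrets> are placeholders.
: RADIUS server group pointing at the IAS host on the inside interface
aaa-server AD-RADIUS protocol radius
aaa-server AD-RADIUS (inside) host 10.1.1.10 <radius-shared-secret> timeout 10

: Address pool for VPN clients, and NAT exemption for traffic to that pool
ip local pool vpnpool 10.1.2.1-10.1.2.254
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
nat (inside) 0 access-list nonat

: Permit decrypted IPsec traffic without a matching interface ACL entry
sysopt connection permit-ipsec

: IPsec phase 2 and a dynamic crypto map for remote clients
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
: Extended authentication: each user is checked against the AD-RADIUS group
crypto map vpnmap client authentication AD-RADIUS
crypto map vpnmap interface outside

: IKE phase 1 with a group pre-shared key
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

: Group profile pushed to the Cisco VPN client
vpngroup vpnusers address-pool vpnpool
vpngroup vpnusers dns-server 10.1.1.10
vpngroup vpnusers default-domain example.local
vpngroup vpnusers idle-time 1800
vpngroup vpnusers password <group-preshared-key>
```

On the IAS side, the PIX inside address has to be registered as a RADIUS client with the same shared secret, and the remote access policy should grant access only to a dedicated AD group. Use a long random shared secret, since it is what protects the relayed credentials between the PIX and IAS.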
