Solved

Cisco VPN Client and Radius Authentication

Posted on 2004-08-30
Last Modified: 2013-11-16


I currently have a setup where a PIX 515 contacts a server on my network that runs the basic Internet Authentication Server (The one that comes with Win2k) as a RADIUS server.

This setup works and queries the AD to authenticate the user. However, it appears that the user does not retain any authentication token, or that it is not being passed on. When a user attempts to access a resource, i.e. \\server\share, it prompts for a Windows userID and password. How can I configure this so that the user remains "Windows Authenticated"? One caveat: I am not spending 5K on Cisco ACS. Any ideas?

Thanks,

Justin
Question by:jlazanowski
9 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 11932975
Have the client set up to "enable start before logon"
This will start the client to authenticate and gain network access, then the user can use their domain credentials to log into the workstation and all credentials will pass to the resources.
If the workstation is not already a member of the Active Directory, then every resource will still request and require authentication.
0
 
LVL 1

Author Comment

by:jlazanowski
ID: 11933114
These machines do not belong to my company and therefore are not part of our AD. Is there any other way to do this without having the machine login to the Domain?

Thanks,
Justin
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 11933781
No. They will simply have to provide domain credentials once again after they login to the VPN.
0
 
LVL 1

Author Comment

by:jlazanowski
ID: 11933942
There isn't any other software out there that will keep an authentication token open other than ACS? Come on, there are always more options.

Justin <---- Still holding out faith.
0
 
LVL 79

Accepted Solution

by:lrmoore (earned 1000 total points)
ID: 11934192
I wouldn't hold out much hope since the Cisco client is not a Windows client and cannot proxy the authentication. The initial authentication is only "permission to come aboard" the network proper, and as you have discovered does not carry a token for subsequent requests to access network (AD) resources.
One option is to have the client PC in the AD domain.
One other technique that I have used to "fudge" this is to have the client PC in a workgroup with the same name as the AD domain.
Another option is to use MS PPTP client instead of the Cisco IPSEC client.

I also don't think ACS will help you in this even if you did invest in it.
0
 
LVL 1

Author Comment

by:jlazanowski
ID: 11934373
I have installed ACS and it did pass authentication to me and work like I wanted when I installed the trial. I was going to just buy it until I saw the price tag. I know Cisco likes to stick it to their customers but I think this is a little insane.

Justin
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 11934723
When you tested out ACS, was your test vpn PC a member of the domain?
0
 
LVL 1

Author Comment

by:jlazanowski
ID: 11934765
No. It was my home workstation that had no Domain Access.

I appreciate your help in all of this. I am going to leave this question open for a day or two to see if anyone else has two cents to throw into this one.

Justin
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 11934842
I'll be just as anxious to hear any other ideas....

0
