A configuration question using Cisco PIX 501 / 506 with Windows AD Authentication

Posted on 2005-04-19
Medium Priority
Last Modified: 2010-04-12
The current configuration uses a Cisco PIX 506 and users are authenticated by group as defined on the PIX.  The users connect via Cisco VPN Client 3.x and 4.x  and will continue to do so.

I would like to get some info on using Windows 2000/2003 Active Directory to further authenticate the users.  I am looking to simplify user management as well as increase security.

This is a pretty open ended question, but I appreciate any input.

Thanks in advance.
Question by:timvand
  • 2
  • 2

Accepted Solution

magicomminc earned 1000 total points
ID: 13819325
Cisco PIX 6.x only supports TACACS and Radius, in another word, you would need MS IAS SERVER for authentication, chech this link out:
Active Directory (windows DC) is using Kerberos, it's not supported at 6.x. The feature is the pipeline of pix 7.x release, but as of now, 7.01 release doesn't support that yet.


Expert Comment

ID: 13820205
My apology: Kerberos and NT-domain is supported as of 7.0.1, here is the link:
LVL 79

Expert Comment

ID: 13829313
Since neither the 501 nor the 506 suppor the new 7.x PIX OS, then your only solution is to enable IAS, which you get *free* with any Win2k/3 server. IAS fully integrates into AD for user authentication.
Link provided by magicomminc above should get you started..
LVL 79

Expert Comment

ID: 14354165
Are you still working on this?
Have you found a solution?
Do you need more information?

This question will be classified as abandoned soon if we don't get some feedback from you.

Can you close out this question? See here for details:

Thanks for your attention!

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes, you want your microsoft VPN to route all the traffic to the remote network. Usually your employer network. This makes it possible to access all the nodes inside this remote LAN, even if they have no "public DNS" entries. To do so, you wo…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question