Ang: Re: Ang: Re: [VPN] PIX515UR VPN configuration

hakan.palm at generic.se hakan.palm at generic.se
Thu Jan 30 10:59:06 EST 2003


Well, yeah you did indeed write that he needed
a RADIUS-server to talk to the Win 2k AD which
is true. Bad wording from my side I guess. My
bad... What I felt you missed pointing out
was that it is indeed possible to use the Win 2k
IAS as a RADIUS-server, thus eliminating the
need for another RADIUS-server. I really do
like the Cisco ACS since it is really nice to use
and makes life really simple when using
VPN3000, VPN5000 and PIX for example...

Quite a few small and medium-sized businesses
I've come across do not feel like buying or at
least setting up another piece of software and
possibly another box just to proxy the RADIUS
requests to the Win 2k AD...

Regards,

/Palm




losttoy2000 at yahoo.co.uk
2003-01-29 17:55

To:	vpn at lists.shmoo.com @ INTERNET
Cc:	(Blank: Hakan Palm/Generic)
Subject:	Re: Ang: Re: [VPN] PIX515UR VPN configuration

Isn't that what I said? You have to use a
RADIUS/TACACS+ server. Whether you use Win2K IAS
RADIUS or Cisco ACS is a matter of choice.

You need to point the PIX to an AAA server (RADIUS or
TACACS+) since PIX cannot itself talk to a WinNT
Domain/Win2k ADS or an LDAP Server.


--- hakan.palm at generic.se wrote:
> With all due respect, I do believe this is wrong.
> As far as I know you could use the Windows 2k
> IAS RADIUS interface to the AD to authenticate
> the users.
>
> Of course you can use e.g. Cisco ACS to proxy the
> request to your AD... Although the value to you if
> you are using the built-in VPN client in Win 2k
> might be small. It might be another story if you plan to
> use the Cisco VPN client 3.x...
>
> Have a look at this page. Although it is for Cisco's
> VPN client you'll probably get the idea...
>
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml
>
> losttoy2000 at yahoo.co.uk
> 2003-01-28 16:04
>
> To:	roger.qian at sholodge.com @ INTERNET, vpn at lists.shmoo.com @ INTERNET
> Cc:	(Blank: Hakan Palm/Generic)
> Subject:	Re: [VPN] PIX515UR VPN configuration
>
> If you want to integrate Windows 2000 AD with PIX for
> VPN Authentication then you would have to point the
> PIX AAA Server setting to a RADIUS/TACACS+ server.
> This RADIUS/TACACS+ server would in turn talk to Win2K
> AD. For eg. Cisco ACS Server.
>
> Here is an example of Win2K to PIX IPSec VPN.
>
> http://www.cisco.com/en/US/tech/tk648/tk367/technologies_configuration_example09186a00800b12b5.shtml
>
> --- "Qian, Roger" <roger.qian at sholodge.com> wrote:
> > Hi All,
> > Please anybody can help me on how to configure VPN
> > on PIX515UR firewall and
> > using Windows 2000 as the client, how to select and
> > configure a server as an
> > AAA server in the LAN to meet the "AUTH" needs.
> > We're using Windows 2000 AD
> > domain.
> > Thanks,
> > Roger
> > _______________________________________________
> > VPN mailing list
> > VPN at lists.shmoo.com
> > http://lists.shmoo.com/mailman/listinfo/vpn