Cisco – Connect PIX to Active Directory for VPN

Tags: active-directory, cisco, vpn

I have a Cisco PIX 515E that is currently acting as the office's router. We have an MS domain and utilize MS VPN for remote access. I would like to use the Cisco VPN functionality built into the PIX and leverage Active Directory for authentication; however, I have not found a good source for instructions on how to do this. I am a programmer with a sysadmin hobby, so the instructions I'm looking for should not be geared towards a Cisco or AD expert. Do any instructions like these exist?

Best Answer

You need the Internet Authentication Service (IAS) installed on a domain member server and a shared secret that you enter on the IAS server and PIX.

Then execute on your PIX:

aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host IAS_SERVER SharedSecretHere timeout 10
! Objects referenced below (address pool, crypto ACL, transform set); POOL_* are placeholders
ip local pool pix_inside POOL_FIRST-POOL_LAST
access-list outside_cryptomap_dyn_20 permit ip any POOL_NETWORK POOL_MASK
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication RADIUS
crypto map outside_map interface outside
! Phase 1: pre-shared group key with DH group 2, which the Cisco VPN Client expects
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
! Group "Remote" is the group name/password configured in the Cisco VPN Client profile
vpngroup Remote address-pool pix_inside
vpngroup Remote dns-server DNS_SERVER_1 DNS_SERVER_2
vpngroup Remote wins-server WINS_SERVER
vpngroup Remote default-domain domainToAuthenticate
vpngroup Remote idle-time 1800
vpngroup Remote password GroupPreSharedKeyHere

That should point you in the right direction and get you started.
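The `crypto map outside_map client authentication RADIUS` line above makes the PIX send each VPN user's name and password to IAS as a RADIUS Access-Request using PAP, so the IAS remote access policy must allow unencrypted (PAP) authentication and the PIX's inside address must be registered on IAS as a RADIUS client with the same shared secret. The script below is an added example, not part of the answer above: it performs that same RFC 2865 exchange from a workstation so the shared secret and the IAS policy can be checked before the PIX is touched, and it verifies the Response Authenticator on the reply so a mismatched secret is reported as such rather than read as a plain reject. Server name, secret and test credentials are assumptions supplied as command-line arguments.

```python
"""RADIUS PAP check against an IAS server, standing in for the PIX's xauth request.

Added example (not from the original answer). Server, secret and credentials are
assumptions passed by the caller; nothing here is specific to a real deployment.
"""
import hashlib
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT_TYPE = 1, 2, 4, 61
NAS_PORT_TYPE_VIRTUAL = 5  # what a VPN concentrator reports in NAS-Port-Type
RADIUS_AUTH_PORT = 1812    # IAS listens on 1812 (and legacy 1645) by default


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-byte blocks and XOR each block with
    MD5(secret + previous block), seeded with the Request Authenticator."""
    if not 0 < len(password) <= 128:
        raise ValueError("RADIUS User-Password must be 1-128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += block
        prev = block
    return out


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password; only a party holding the secret can recover it."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value; Length covers the 2-byte header too."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident: int, authenticator: bytes, username: str,
                         password: str, secret: bytes, nas_ip: str) -> bytes:
    attrs = (attribute(USER_NAME, username.encode())
             + attribute(USER_PASSWORD, hide_password(password.encode(), secret, authenticator))
             + attribute(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + attribute(NAS_PORT_TYPE, struct.pack("!I", NAS_PORT_TYPE_VIRTUAL)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def build_response(code: int, ident: int, request_authenticator: bytes,
                   secret: bytes, attrs: bytes = b"") -> bytes:
    """What a RADIUS server emits; used to simulate IAS offline in a test."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    response_auth = hashlib.md5(header + request_authenticator + attrs + secret).digest()
    return header + response_auth + attrs


def verify_response(packet: bytes, ident: int, request_authenticator: bytes, secret: bytes):
    """Return the reply code if the Response Authenticator (RFC 2865 section 3) checks
    out, else None. A mismatch almost always means the shared secret differs between
    client and server, which IAS otherwise reports only in its event log."""
    if len(packet) < 20:
        return None
    code, resp_ident, length = struct.unpack("!BBH", packet[:4])
    if resp_ident != ident or length < 20 or length > len(packet):
        return None
    packet = packet[:length]  # octets beyond Length are padding and are ignored
    expected = hashlib.md5(packet[:4] + request_authenticator + packet[20:] + secret).digest()
    if packet[4:20] != expected:
        return None
    return code


def radius_pap_check(server: str, secret: bytes, username: str, password: str,
                     nas_ip: str = "0.0.0.0", timeout: float = 5.0) -> str:
    """Send one Access-Request and classify the outcome."""
    ident = os.urandom(1)[0]
    authenticator = os.urandom(16)
    request = build_access_request(ident, authenticator, username, password, secret, nas_ip)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (server, RADIUS_AUTH_PORT))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout"  # IAS silently drops requests from unregistered RADIUS clients
    code = verify_response(reply, ident, authenticator, secret)
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject", None: "bad-authenticator"}.get(code, "other")


if __name__ == "__main__":
    import sys
    server, secret, user, pw = sys.argv[1:5]
    print(radius_pap_check(server, secret.encode(), user, pw))
```

Run it from a host that is itself registered on IAS as a RADIUS client (IAS matches clients by source address); a "timeout" means the request was discarded, "bad-authenticator" means the secret on this host does not match the one on IAS, and "reject" with a correct secret points at the remote access policy (PAP disabled, or the user not in the permitted group).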
