TinRam
MIS
- Jan 2, 2001
- 99
Friends…
I need little insight into using Microsoft IAS as a Radius server to authenticate VPN users connecting to a PIX. I have the PIX VPN working well with a local database, but users would like to use their windows passwords to log in.
I register the IAS server in AD then in IAS clients I create a new entry.
Does it matter what the friendly name is? Does that have to match anything in the PIX?
Can the client-vendor stay as RADIUS-Standard or should I change it to Cisco?
The shared secret is the same as I entered into the pix.
Do I have to do anything else in IAS?
On the pix, I enter:
Aaa-server RADIUS protocol radius
Aaa-server RADIUS (inside) host X.X.X.X sharedkey timeout 5
Then in my crypto map I specify to use the group RADIUS for authentication.
Do I need to do anything else? Should I also state aaa authentication include any…… I think that is only for authenticating things like telnet, isn’t it?
Perhaps there is an article you can point me to?
Thanks a bunch!
I need little insight into using Microsoft IAS as a Radius server to authenticate VPN users connecting to a PIX. I have the PIX VPN working well with a local database, but users would like to use their windows passwords to log in.
I register the IAS server in AD then in IAS clients I create a new entry.
Does it matter what the friendly name is? Does that have to match anything in the PIX?
Can the client-vendor stay as RADIUS-Standard or should I change it to Cisco?
The shared secret is the same as I entered into the pix.
Do I have to do anything else in IAS?
On the pix, I enter:
Aaa-server RADIUS protocol radius
Aaa-server RADIUS (inside) host X.X.X.X sharedkey timeout 5
Then in my crypto map I specify to use the group RADIUS for authentication.
Do I need to do anything else? Should I also state aaa authentication include any…… I think that is only for authenticating things like telnet, isn’t it?
Perhaps there is an article you can point me to?
Thanks a bunch!