User authentication 2

[colinT23]

Hi guys,

I recently setup a Cisco 877 for a client which seems to work well (well, the VPN does but broadband is slow but that's another story!). The VPN wizard allowed me to setup extended user authentication so that each user, once connected via the Cisco VPN Client software then gets asked to provide another username/password combo which is authenticated locally by the 877. This works great and gives me the double authentication I need. How can I accomplish this with a PIX ? I need to setup a SBS server behind a 501 and would like the double authentication as an extra security measure for remote users. TIA.

Regards Colin.

 

[Supergrrover]

You just need to add this to the crypto map

crypto map [MAPNAME] client authentication LOCAL

Then add the usernames and passwords with priviledge less than 15.


Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[colinT23]

Hi Brent,

It's that simple ? Damn !!!
Many thanks.

Regards Colin.

 

[Supergrrover]

Once you have it up and running, switch it over to RADIUS off the SBS server. It's just a few tweaks and then you can manage everything off the SBS server (password changes, etc.) I am not sure if you can do per-user ACLs of the windows radius and it might be overkill but kind of cool to play with.


Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[colinT23]

Err...I'll have a think about that one !!