I am trying to configure Cisco PIX to accept vpdn connections that will be authenticated by the Cisco ACS after looking up username and profile details in Active Directory.
I am seeing failed attempts on the ACS, so I think the config is OK (below):
access-list acl_in permit ip 10.xxx.xxx.0 255.255.255.0 10.xxx.xxx.0 255.255.255.0
access-list acl_in permit ip 10.xxx.xxx.0 255.255.252.0 10.xxx.xxx.0 255.255.255.0
ip local pool pptp-pool 10.xxx.xxx.xxx-10.xxx.xxx.xxx
aaa-server AuthInbound protocol radius
aaa-server AuthInbound (inside) host 10.xxx.xxx.xxx <key is here> timeout 5
sysopt connection permit-pptp
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe auto
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 client authentication aaa AuthInbound
vpdn enable outside
I am not sure where to go next. Does anyone know of a document that explains this type of configuration or how to implement it?
Many thanks
ASKED: March 9, 2005 3:41 AM
UPDATED: March 10, 2005 3:50 AM
Do a web search on how-to articles for this. I found a bunch, and that helped me get my config working.
If you contact me privately, with a direct email address, I can send you some of the docs I got.
Bob
Version is 3.1, but I am looking to upgrade to 3.3.
I have managed to get MPPE working. I was missing a no_nat ACL on the router, and it successfully queries AD. XP machines and 2000 machines appear to be OK. For some reason PPTP will not work: it will connect, but I cannot do anything while I am hooked up.
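The following is an added example that ties together the VPDN/RADIUS fragment in the original post and the NAT exemption mentioned in the follow-up; it is not the poster's configuration and not taken from any Cisco document. It goes slightly beyond the original by restricting PPP authentication to MS-CHAP and making MPPE mandatory: MPPE derives its session keys from the MS-CHAP exchange, so a client that negotiates PAP or CHAP would get a tunnel with no encryption at all, and with `auto` alone the PIX would accept that. All addresses (inside LAN 10.1.1.0/24, ACS at 10.1.1.10, DNS at 10.1.1.5, pool 10.1.2.1-10.1.2.50), the ACL name `no_nat` and the RADIUS key are invented placeholders; lines starting with `:` are comments.

```cisco
: Constructed example addressing (replace with your own):
:   inside LAN 10.1.1.0/24, ACS/RADIUS at 10.1.1.10, DNS at 10.1.1.5,
:   PPTP client pool 10.1.2.1-10.1.2.50 (a subnet not otherwise used inside).

: Traffic between the inside LAN and the PPTP pool must bypass NAT, otherwise
: replies to VPN clients are translated on the way out and never come back.
access-list no_nat permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
nat (inside) 0 access-list no_nat

: Addresses handed out to PPTP clients.
ip local pool pptp-pool 10.1.2.1-10.1.2.50

: RADIUS server group pointing at ACS. The shared secret must match the
: AAA client entry that ACS holds for this PIX.
aaa-server AuthInbound protocol radius
aaa-server AuthInbound (inside) host 10.1.1.10 S3cretRadiusKey timeout 5

: Allow PPTP control (TCP/1723) and GRE to terminate on the outside
: interface without an explicit entry in the inbound ACL.
sysopt connection permit-pptp

vpdn group 1 accept dialin pptp
: MS-CHAP only: it is the only method that yields MPPE keys. 'required'
: makes the PIX drop any session that cannot negotiate MPPE.
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe auto required
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 client configuration dns 10.1.1.5
vpdn group 1 client authentication aaa AuthInbound
vpdn enable outside

: If the pool is not part of the inside subnet, inside hosts (or their
: default gateway) need a route back to 10.1.2.0/24 via the PIX inside
: address, or connected clients will authenticate but reach nothing.
```

Two checks worth doing after pasting this in: confirm on ACS that the PIX is defined as a RADIUS AAA client with the same shared secret and that the group mapped to the Active Directory users is allowed to authenticate with MS-CHAP, since a mismatch on either shows up on the PIX only as a generic authentication failure; and, once a client is connected, verify that `show xlate` shows no translation for the client's pool address, which is the symptom the NAT exemption is there to prevent.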