Cisco ACS, PIX and VPN problem

Tags: DHCP, DNS, Firewalls, Forensics, Incident response, Intrusion management, Network security, Networking, Networking Equipment, Networking services, VPN, Wireless

I am trying to configure Cisco PIX to accept vpdn connections that will be authenticated by the Cisco ACS after looking up username and profile details in Active Directory. I am seeing failed attempts on the ACS - so I think the config is ok (below)

    access-list acl_in permit ip 10.xxx.xxx.0 255.255.255.0 10.xxx.xxx.0 255.255.255.0
    access-list acl_in permit ip 10.xxx.xxx.0 255.255.252.0 10.xxx.xxx.0 255.255.255.0
    ip local pool pptp-pool 10.xxx.xxx.xxx-10.xxx.xxx.xxx
    aaa-server AuthInbound protocol radius
    aaa-server AuthInbound (inside) host 10.xxx.xxx.xxx <key is here> timeout 5
    sysopt connection permit-pptp
    vpdn group 1 accept dialin pptp
    vpdn group 1 ppp authentication pap
    vpdn group 1 ppp authentication chap
    vpdn group 1 ppp authentication mschap
    vpdn group 1 ppp encryption mppe auto
    vpdn group 1 client configuration address local pptp-pool
    vpdn group 1 client authentication aaa AuthInbound
    vpdn enable outside

I am not sure where to go next - does anyone know of a document that explains this type of configuration or how to implement it? Many thanks
ASKED: March 9, 2005  3:41 AM
UPDATED: March 10, 2005  3:50 AM

Answer Wiki


What version is the ACS? There are some problems with older versions.

Discuss This Question: 2  Replies

 
  • Bobkberg
    Do a web search on how-to articles for this. I found a bunch, and that helped me get my config working. If you contact me privately, with a direct email address, I can send you some of the docs I got. Bob
  • Silks101
    Version is 3.1 - but I am looking to upgrade to 3.3. I have managed to get mppe working. I was missing a no_nat acl on the router, and it successfully queries AD. XP machines and 2000 machines appear to be ok - for some reason pptp will not work - it will connect - but I cannot do anything while I am hooked up.