Client VPN to PIX with Windows user/group permissions?

I'm trying to set up remote VPN access to a network and have the remote user authenticated against our Windows network's users/groups to set permissions for local access to the network. This is for a non-profit organization with limited funds to purchase additional technology, and I'd like to be able to do it with the available resources described below, if possible.

The network consists of a Windows 2003 Standard Server with Active Directory as the domain controller (upgraded from NT4, clean as a new BDC) behind a PIX 506E (6.3.4) behind a Cisco 1721 router. The inside network is using all non-routable IPs (192.168.x.x) and there are a couple of other servers (SQL, etc.) on the network plus about 45 workstations.

I can configure the PIX for Cisco client VPN access (tested with 4.05D) and authenticate the users against the Windows IAS RADIUS server OK but am missing how to have the user's internal network Windows permissions assigned to the VPN user's session. I have tried setting the "Enable start before logon" in the Windows Logon Properties window of the Cisco VPN client but that does not cause a network logon, so I imagine I am missing something in the RADIUS or other IAS configuration. I admit to being new to using IAS and RADIUS.

I can post the PIX config but am thinking that if I can authenticate against the RADIUS server, this may not be a PIX issue as much as a Windows or IAS config one. I have looked at the example configurations on the Cisco TAC site and googled for a solution but am obviously missing something. Any pointers or links are welcome. Thanks in advance.


Reply to
Randy Wilson
Loading thread data ... Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.