PIX 501 - VPN and gre

- R
- rem2500
  
  Contact options for registered users
posted
18 years ago

Tue, Jan 24, 2006 7:43 PM

Hey everyone. I have setup a VPN on my Cisco PIX 501 and I'm trying to get it to work where a user's username and password are checked against the Active Directory list on the server.

This has led me to try to setup the protocol gre. I pulled some command lines off of Cisco's site to do this but the commands keep failing. I have version 6.3(4) on my PIX. Also, I am replacing "pixfirewall" with the name of our firewall. Anyone see any reason why they would not be working? The information below is what I have pulled off of Cisco's site:

Commands to Add for Version 6.3 Complete these steps to add commands for version 6.3:

Enable the fixup protocol pptp 1723 using this command.

pixfirewall(config)#fixup protocol pptp 1723

You do not need to define a static mapping if the PPTP fixup protocol is enabled. You can use PAT.

pixfirewall(config)#nat (inside) 1 0.0.0.0 0.0.0.0 0 0

pixfirewall(config)#global (outside) 1 interface

Thanks! REM

Loading thread data ...

- S
- stl-eng
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Wed, Jan 25, 2006 5:49 PM

Pix auth proxy works against TACACS or Radius thats about it. If you want you can terminate the vpn tunnels directly to your 2003 server with microsoft vpn that will allow you to use your ldap database for authent lists or you can get a cisco 3000 series concentrator that will auth proxy AD Radius windows nt etc etc or you can get a cisco acs and backend the user database from active directory and the pix can auth proxy acs.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.