
Cisco Secure ACS and PIX

Status
Not open for further replies.

silks101

Technical User
Apr 28, 2003
64
GB
I am currently in the process of setting up a VPN solution. I have the firewall currently issuing the IP address for clients when they log in; however, I want the ACS to do this job, as I can then restrict the access rights for different user groups.

Setup currently is as follows:

Client --> Firewall --> ACS --> AD profile --> authentication

The firewall is giving out the IP address, but I want the ACS box to do this.

If I take out the
vpdn group 1 client configuration address local pptp-pool
command, I cannot connect at all.

Is there a way of telling traffic to get an IP and DNS information from the ACS after it has hit the firewall?
 
Hi there,

We experience the VPN like this:

Client -> FW external -> C3005 VPN box -> FW internal -> ACS

1. C3005 is an AAA/RADIUS client of ACS.
2. Define groups and users on ACS.
3. Define IP pools on ACS for each group.
You can define a fixed IP for a particular user.

In your case, your FW must be a RADIUS client of your ACS.
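The thread asks how the ACS, rather than the PIX, can hand the VPN client its address. On the RADIUS side that information travels as Framed-IP-Address (attribute 8) and Framed-IP-Netmask (attribute 9) inside the Access-Accept, and the NAS should only act on it after checking the Response Authenticator against the shared secret. The following is an added example, not code from this thread or from Cisco: it builds a constructed Access-Accept, verifies it and extracts the assigned address; the shared secret, request authenticator and addresses are placeholders.

```python
import hashlib
import struct
from ipaddress import IPv4Address

ACCESS_ACCEPT = 2          # RADIUS packet code (RFC 2865)
FRAMED_IP_ADDRESS = 8      # attribute types the NAS would consume
FRAMED_IP_NETMASK = 9

def parse_attributes(data: bytes) -> dict:
    """Walk the attribute TLVs; 'length' covers the type and length bytes too."""
    attrs, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError(f"bad attribute length {alen} at offset {pos}")
        attrs.setdefault(atype, []).append(data[pos + 2:pos + alen])
        pos += alen
    return attrs

def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return expected == packet[4:20]

def assigned_address(packet: bytes, request_auth: bytes, secret: bytes):
    """(ip, netmask) from a verified Access-Accept, else None."""
    if not verify_response(packet, request_auth, secret) or packet[0] != ACCESS_ACCEPT:
        return None
    attrs = parse_attributes(packet[20:])
    if len(attrs.get(FRAMED_IP_ADDRESS, [b""])[0]) != 4:
        return None
    ip = str(IPv4Address(attrs[FRAMED_IP_ADDRESS][0]))
    mask = attrs.get(FRAMED_IP_NETMASK, [bytes([255] * 4)])[0]  # host route if absent
    return ip, str(IPv4Address(mask))

def build_accept(ident: int, request_auth: bytes, secret: bytes, attrs) -> bytes:
    """Build a sample Access-Accept the way the server would (constructed test data only)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    return header + hashlib.md5(header + request_auth + body + secret).digest() + body

# Constructed sample: placeholder shared secret and request authenticator
SECRET, REQ_AUTH = b"example-shared-secret", bytes(range(16))
SAMPLE = build_accept(7, REQ_AUTH, SECRET, [(FRAMED_IP_ADDRESS, IPv4Address("10.10.20.5").packed),
                                            (FRAMED_IP_NETMASK, IPv4Address("255.255.255.0").packed)])
```

A reply that fails the authenticator check, or that carries no Framed-IP-Address, yields None, which is the case where the NAS would have to fall back to its own local pool.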
 
Yes, that is right. What I have managed to do currently is to have the FW allocate the client config (DNS, IP address etc.).
I have set up groups in ACS which have their access restricted by using the downloadable PIX ACLs, which appears to be working fine.

I do have a problem with routing the VPN traffic. The network is set up as follows:

fw -> core switch -> LAN

what I want to do is route the VPN traffic across to our other networks so that they have full access to most areas of the network.

fw -> core switch -> LAN -> rest of network

I am having difficulty routing this traffic outside of the local LAN. Does anyone have any experience of this or could point me in the right direction?

Thanks
 
If you succeed in reaching hosts on your LAN from the VPN client, then everything works fine.
I don't understand your term "rest of the network". What is between the LAN and the rest of the network?

Lequang
 