Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco Secure ACS and PIX

Status
Not open for further replies.
silks101

silks101

Technical User
Apr 28, 2003
64
GB
I am currently in the process of setting up a VPN solution. I have the firewall currently issuing the IP address for clients when they log in - however I want the ACS to do this job as I can then restrict the access rights for different user groups.

set up currently is as follows

Client --> Firewall --> ACS --> AD profile --> authentication

the firewall is giving out he IP address bu I want the ACS box to do this.

If I take out the
vpdn group 1 client configuration address local pptp-pool
command I cannot connect at all.

Is there a way of telling traffic to get an IP and DNS information from the ACS after it has hit the firewall
 
Sort by date Sort by votes
Hi there,

we experience the vpn like this:

Client-> FWexternal -> C3005VPN box -> FW intern ->ACS

1. C3005 is a AAA/Radius Client of ACS
2. Define groups and users on ACS.
3. Define IP pools on ACS for each group
You can define fixed IP for a particular user.

In your case, you FW must be a client radius of you ACS.
 
Upvote 0 Downvote
yes that is right - What I have managed to do curretly is to have the FW allocate the client config (DNS IPaddress etc)
I have set up groups in ACS which have their access restricted by using the downloadable PIX ACLS which appears to be working fine

I do have a problem with routing the vpn traffic. network is set up as follows

fw -> core switch -> LAN

what I want to do is route the VPN traffic across to our other networks so that they have full access to most areas of the network.

fw -> core switch -> LAN -> rest of network

I am having difficulty routing this traffic outside of the Local LAN, Does any one have any experience of this or could point me in the right direction.

Thanks
 
Upvote 0 Downvote
If you succeed to reach from the CLient VPN to hosts on your Lan, so everything works fine.
I don't understand your term "rest of the Network", What is between Lan and rest of the network?

Lequang
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

stanlyn
  • Locked
  • Question
Remote Desktop Access with Secure HTML Browser
Replies
0
Views
163
stanlyn
stanlyn
Motability
  • Locked
  • Question
Cisco PIX 7.x Client VPN Failing
Replies
0
Views
114
Motability
Motability
kjv1611
  • Locked
  • Question
Best Free or Cheap Remote Access Application / Tool for Windows 8 and 10?
Replies
0
Views
165
kjv1611
kjv1611
Destro1924
  • Locked
  • Question
Cisco 877w Access lits/port forwarding issues- Help needed
Replies
0
Views
153
Destro1924
Destro1924
hdaoudi
  • Locked
  • Question
VPN Secure Router avaya "nortel" SR 1001S Configuration?
Replies
0
Views
53
hdaoudi
hdaoudi

Part and Inventory Search

Sponsor

Back
Top