
Setting up a VPN using a Cisco router

Status
Not open for further replies.

dreeves33

IS-IT--Management
Aug 5, 2002
16
US
I am trying to set up a VPN using a Cisco router. I want to use our system's Domain to authenticate the user (rather than setting up usernames and passwords on the router). I am having a very difficult time doing this. Can anyone help me out?
 
You may need to have another authentication server running TACACS+ or RADIUS, then configure that server to use, say Windows AD for authentication. At least I know Cisco Secure ACS server can do this.

The following link shows you how to configure TACACS+ authentication for VPN clients 4.x.

 
Thank you so much for the help; one more question. Can you suggest an easy-to-use TACACS+ or RADIUS software package?
 
I use Cisco Secure ACS server but I'm not sure if it's easy for you or not. It has a GUI so I think it should be fine.
 
I use this at my office. I think the nicest setup is to enable RADIUS on the PIX and point it at your Domain Controller. Then install IAS (Internet Authentication Service) on your Domain Controller (built into Windows Server 2k/2k3). This will enable RADIUS capabilities on your server. You can then create a Security group on your Domain (e.g., VPN Users) and simply add users to that security group and relate it to your IAS config and then voila! Just add a user to VPN Users and they have VPN access. Change your Domain password and your VPN password changes.

It works great. Hope this helps. Let me know if you need specific config help.

 
Wow, thanks for all of the help. I got it running using the Cisco ACS but really wanted to use the IAS since it's free. I will try it using the IAS; I thought maybe since I did not have an Active Directory it wouldn't work.

I did run into another problem regarding the performance of the VPN. It's really slow. I am looking at a Concentrator to get this done instead.
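
An added example, not part of any post in this thread: a minimal IOS sketch of the approach discussed above, where the router passes VPN user logins (XAUTH) to a RADIUS server such as IAS or ACS instead of checking local usernames. Every name, address, key and algorithm choice below is a placeholder or assumption, and it presumes an IOS image with remote-access (Easy VPN Server) support.

```cisco
! Example only. 192.0.2.10 stands in for the RADIUS server (IAS or ACS).
aaa new-model
! User logins (XAUTH) go to RADIUS; no per-user accounts on the router
aaa authentication login VPN-XAUTH group radius
! The VPN group profile itself (pool, group key) stays local
aaa authorization network VPN-GROUP local
!
! IAS listens on 1812/1813 as well as the older 1645/1646 ports.
! Use a long random shared secret and register only this router as a
! RADIUS client on the server.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <radius-shared-secret>
!
! Phase 1 policy; pick the strongest settings both router and client support
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 2
!
! Group profile the VPN client connects with
crypto isakmp client configuration group VPNCLIENTS
 key <group-pre-shared-key>
 pool VPN-POOL
!
ip local pool VPN-POOL 10.10.10.1 10.10.10.50
!
crypto ipsec transform-set VPN-TS esp-aes 256 esp-sha-hmac
!
crypto dynamic-map DYNMAP 10
 set transform-set VPN-TS
!
! Tie XAUTH and group authorization to the crypto map
crypto map CLIENTMAP client authentication list VPN-XAUTH
crypto map CLIENTMAP isakmp authorization list VPN-GROUP
crypto map CLIENTMAP client configuration address respond
crypto map CLIENTMAP 10 ipsec-isakmp dynamic DYNMAP
!
! Outside interface name is an assumption
interface FastEthernet0/0
 crypto map CLIENTMAP
```

Who may connect is then decided on the RADIUS side, for example by an IAS remote access policy that grants access only to members of the VPN Users group mentioned above.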
 