Thanks again for the replies everyone, it worked just fine.

Patrick Donlon wrote:

> Thanks for the replies, I only want to authenticate administrators on the
> PIX, will let you know how I get on
>
> Cheers
>
> Pat
>
> --
>
> email me on : [EMAIL PROTECTED]
>
> "nrf" wrote in message
> news:[EMAIL PROTECTED]...
> > In such a situation, authorization would be achieved by writing a bunch of
> > access-lists on the Pix. Then, you designate those particular access-lists
> > within the radius server for individual users. For example, let's say you
> > have a user called billclinton, and you want to restrict his access to
> > certain websites. So you write an access-list that does that, and then in
> > his radius profile, you "call" that access-list.
> >
> > This works when you are doing straight authentication through the Pix
> > directly. I have never tried it through a VPN.
> >
> >
> > "Darren Mitchelmore" wrote in message
> > news:[EMAIL PROTECTED]...
> > > NRF.
> > >
> > > I am just about to set up a PIX 515 with the Cisco VPN client and the ias
> > > (WIN2K RADIUS SERVER). From my understanding the VPN client has a group
> > > login then the user will be prompted for a username/password that the
> > > PIX will pass to the IAS server using Radius. That will be authenticated
> > > against the Win username / password database (used to be called SAM ??) on
> > > the IAS server.
> > >
> > > I believe that this is authentication. Not sure how authorisation is
> > > achieved. How do you tie in the access-list
> > > to that individual user ??
> > >
> > > Is this the setup you have got going ??
> > >
> > > Do you have any problems implementing it ??
> > >
> > > PS - I have set up PIXs before but only with simple policies...
> > >
> > > Best Regards,
> > > Darren M
> > >
> > > > -----Original Message-----
> > > > From: nrf [SMTP:[EMAIL PROTECTED]]
> > > > Sent: Wednesday, April 24, 2002 3:57 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: PIX and AAA [7:42302]
> > > >
> > > > Well, actually, the Pix does support a very limited amount of Radius
> > > > authorization. It's only for users going through the Pix, not
> > > > administrators of the Pix. And the authorization 'capabilities' only allow
> > > > you to invoke existing access-lists on the Pix for certain users, so, like I
> > > > said, it's very limited. Still, the capability exists.
> > > >
> > > > http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/mngacl.htm#xtocid10
> > > >
> > > >
> > > > "Georg Pauwen" wrote in message
> > > > news:[EMAIL PROTECTED]...
> > > > > Paul, Tim, Patrick,
> > > > >
> > > > > you guys are good ! You are right, I wasn't specific enough in what I said:
> > > > > PIX does support RADIUS, but it does NOT support RADIUS Authorization :)
> > > > >
> > > > > Regards,
> > > > >
> > > > > Georg
> > > > >
> > > > >
> > > > > >From: "Paul Borghese"
> > > > > >To: "Georg Pauwen" ,
> > > > > >Subject: Re: PIX and AAA [7:42302]
> > > > > >Date: Tue, 23 Apr 2002 10:03:43 -0400
> > > > > >
> > > > > >The pix does support radius. I am using it for a small client to
> > > > > >authenticate PPTP connections using the Microsoft 2000 Radius server.
> > > > > >
> > > > > >Paul Borghese
> > > > > >----- Original Message -----
> > > > > >From: "Georg Pauwen"
> > > > > >To:
> > > > > >Sent: Tuesday, April 23, 2002 7:16 AM
> > > > > >Subject: RE: PIX and AAA [7:42302]
> > > > > >
> > > > > >
> > > > > > > Hi Patrick,
> > > > > > >
> > > > > > > yes, aaa is fully supported on the PIX (remember, though, that the PIX does
> > > > > > > not support RADIUS). Follow this link for a command overview of aaa on the
> > > > > > > PIX:
> > > > > > >
> > > > > > > http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/ab.htm#xtocid3
> > > > > > >
> > > > > > > Regards,
> > > > > > >
> > > > > > > Georg

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43143&t=42302