You can simply create usernames / passwords locally on the PIX's (actually
only on the active one, since they're in failover mode). This works fine
IF you only have a few people to manage. If you have an evolving
organization or if you are going to need to delegate authority to modify
those accounts, you could also simply get a very inexpensive (or free)
RADIUS package such as Steel Belted Radius. If you're running any *NIX,
there are plenty of GNU RADIUS products available. If you aren't familiar
with RADIUS, it isn't difficult in the least (IMHO). The only item I
would question is why you would want to use L2TP. You might want to think
that one through.
There are plenty of "how-to's" on Cisco's site that pretty much have
exactly what you need, to the point that you can almost cut and paiste
into your config (not that I'm recommending that). Just do a search on
Cisco's TAC site.
Hope that helps.
Brian
Brian R. Wilkins
CISSP / GSEC / NSA(IAM) / MCSE / CCNP / CNE
Hello everybody, First post here :-)
We have 2 pix 512E (1 is the failover).
I'm trying to configure the pix as a VPN server.
I'm no use to configure IPSEC/L2TP VPN server (except MS ones)
I read about configuring PIX as a VPN server (CISCO web site).
But It talked about TACACS and radius as the users database.
We do not have RADIUS or TACACS server so can we have users inside the VPN
?
Do you know good how-to sites for PIX 512E ?
Thank to all !
The information contained in this communication is confidential and may
constitute non-public and/or "inside" information. It is intended only for the
use of the addressee and is the property of TAP Pharmaceutical Products Inc.
Unauthorized use, disclosure, or copying of this communication, or any part
thereof, is strictly prohibited and may be unlawful. If you received this
communication in error, please notify me immediately by return e-mail and
destroy this communication and all copies thereof, including all attachments.
