RE: PIX 7.0 ACE authen

From: Wing Lam (wing.lam@jossynergy.com)
Date: Thu Sep 15 2005 - 03:59:56 GMT-3


Hi Jens Petter Eikeland;

From the link you provided, it seems to me that you are using Radius as
authen to ACS and then connect to ACE for authentication.

Have you tried having the VPN3005 connect to the ACE directly? (by SDI protocol
rather than Radius)

Thanks,
Winglam

________________________________

From: nobody@groupstudy.com on behalf of Jens Petter Eikeland
Sent: Thu 9/15/2005 3:44 AM
To: 'Guyler, Rik'; ccielab@groupstudy.com
Subject: SV: PIX 7.0 ACE authen

Hi,

I am saying 3000 series concentrator... I suggest you go to Cisco and
do a search on: CSCds67703, and you will see that they say that
this is not supported.
Maybe this is an old doc, but they still say it is not supported.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_release_note09186a00800d9dc8.html

Jens Petter Eikeland

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On behalf of
Guyler, Rik
Sent: 14 September 2005 21:29
To: ccielab@groupstudy.com
Subject: RE: PIX 7.0 ACE authen

The 3000 series does support new PIN mode. I use RSA on the backend with
ACS in the middle and new PIN mode works fine. Also works fine with my
AS5300, which is really just a router on steroids.

Rik

-----Original Message-----
From: Jens Petter Eikeland [mailto:jenseike@start.no]
Sent: Wednesday, September 14, 2005 6:26 AM
To: 'Wing Lam'; ccielab@groupstudy.com
Subject: SV: PIX 7.0 ACE authen

Hi there,

A few of the NASes supported by Cisco Secure ACS either do not support "new
PIN mode" functionality or support it in a limited fashion. New PIN mode is
when token-card users can be required to enter new PINs at login.

The following two types of NASes do not support new PIN mode functionality:

    * Cisco Secure VPN 3000 Concentrator
    * Cisco Secure PIX Firewall

Additionally, Cisco IOS routers can support new PIN mode functionality with
specific configuration.

Regards

Jens Petter Eikeland

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On behalf of Wing
Lam
Sent: 14 September 2005 12:07
To: ccielab@groupstudy.com
Subject: PIX 7.0 ACE authen

Dear Group;

Sorry for OT, has anybody tried to use PIX for client-to-site VPN connections,
in which users will be authenticated by ACE secure token? Here I would like to
ask the following:

1) Can PIX connect to ACE Server directly without the use of Radius?

2) If yes, can this VPN client support new PIN mode on this VPN connection?

3) If no, can this VPN client support new PIN mode on this VPN connection
by Radius authentication?

4) Is there any link for reference?

Thanks a lot,
BBD



This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3