I have a Cisco PIX 515E that is currently acting as our office's router. We have an MS domain, and utilize MS VPN for remote access. I would like to use the Cisco VPN functionality built into the PIX and leverage Active Directory for authentication; however, I have not found a good source for instructions on how to do this. I am a programmer with a sys admin hobby, so the instructions I'm looking for should not be geared towards a Cisco or AD expert. Do any instructions like these exist?
You need the Internet Authentication Service (IAS) installed on a domain member server and a shared secret that you enter on the IAS server and PIX.
Then execute on your PIX:
That should point you in the right direction and get you started.
It's been a few years since I've worked with PIX, so this might have changed if they added direct LDAP support.
What you want to set up is a RADIUS server. It's a component of Windows Server. You can set up the PIX to authenticate against your specific RADIUS server, and it knows how to communicate with Active Directory.
A search on Google for 'setup RADIUS in Windows' should get you plenty of guides on how to do it.
Since 8.x, the PIX/ASA release can use fully supported LDAP.
I would suggest that you upgrade your PIX to the ASA image 8.0(4). It's not a big deal. All you need is at least 64 MB of RAM (normally the PIX 515E has 32 MB built in, but you can still find cheap RAM on eBay) and the software, of course.