Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 344
  • Last Modified:

radius question

I have a 3com firewall that has vpn capabilities, I want to use radius for authentication.  I will install
IAS(radius) on a windows 2000 server.  Now the question is, where should I place the win2000 server;
On the DMZ or my LAN?  Is there any reason I should not place it on my LAN?

Secondly, can the IAS server be a DC or is that a security risk.  

Thanks much
ptran
0
ptran2000
Asked:
ptran2000
1 Solution
 
hnminhCommented:
IAS should not be on DMZ since it only serve authenticating to the firewall not anything else from the Internet. Depend on where your firewall is, ie. it is frontier firewall or internal firewall which is directly connected to your LAN or being both, you should configure the the router connected to your LAN to let only the firewall can connect to internal RADIUS service. So if the IAS is inside the firewall, it wont take much risk from the Internet to be a DC!

Actually this topology is how i'm using here in my office. We have Cisco router with 2 ethernet interface, 1 connected to DMZ, 1 to LAN using non-routable IP range (172.16.x.x). The router serve both RAS and VPN using internal IAS which is on our W2K DC!

Hope it help!
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now