Solved

radius question

Posted on 2002-05-03
1
323 Views
Last Modified: 2010-04-11
I have a 3com firewall that has vpn capabilities, I want to use radius for authentication.  I will install
IAS(radius) on a windows 2000 server.  Now the question is, where should I place the win2000 server;
On the DMZ or my LAN?  Is there any reason I should not place it on my LAN?

Secondly, can the IAS server be a DC or is that a security risk.  

Thanks much
ptran
0
Comment
Question by:ptran2000
1 Comment
 
LVL 3

Accepted Solution

by:
hnminh earned 100 total points
ID: 6989629
IAS should not be on DMZ since it only serve authenticating to the firewall not anything else from the Internet. Depend on where your firewall is, ie. it is frontier firewall or internal firewall which is directly connected to your LAN or being both, you should configure the the router connected to your LAN to let only the firewall can connect to internal RADIUS service. So if the IAS is inside the firewall, it wont take much risk from the Internet to be a DC!

Actually this topology is how i'm using here in my office. We have Cisco router with 2 ethernet interface, 1 connected to DMZ, 1 to LAN using non-routable IP range (172.16.x.x). The router serve both RAS and VPN using internal IAS which is on our W2K DC!

Hope it help!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question