Solved

radius question

Posted on 2002-05-03
1
325 Views
Last Modified: 2010-04-11
I have a 3com firewall that has vpn capabilities, I want to use radius for authentication.  I will install
IAS(radius) on a windows 2000 server.  Now the question is, where should I place the win2000 server;
On the DMZ or my LAN?  Is there any reason I should not place it on my LAN?

Secondly, can the IAS server be a DC or is that a security risk.  

Thanks much
ptran
0
Comment
Question by:ptran2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 3

Accepted Solution

by:
hnminh earned 100 total points
ID: 6989629
IAS should not be on DMZ since it only serve authenticating to the firewall not anything else from the Internet. Depend on where your firewall is, ie. it is frontier firewall or internal firewall which is directly connected to your LAN or being both, you should configure the the router connected to your LAN to let only the firewall can connect to internal RADIUS service. So if the IAS is inside the firewall, it wont take much risk from the Internet to be a DC!

Actually this topology is how i'm using here in my office. We have Cisco router with 2 ethernet interface, 1 connected to DMZ, 1 to LAN using non-routable IP range (172.16.x.x). The router serve both RAS and VPN using internal IAS which is on our W2K DC!

Hope it help!
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question