Re-IP'ing the entire network and using MS Radius
Posted on 2002-06-25
I have the grand task of re-IP'ing my network to better accommodate my corporate office.
I have a few questions:
1. I'd like to do this as quickly and efficiently as possible, so what sort of checklist or gameplan should I use to accomplish this quickly and efficiently?
2. With this change, I have an opportunity to move some server-side stuff around. For instance, I would like to take down my external DNS server (on DMZ) and bring up two new DNS servers on the inside of my network and NAT the traffic through. I know there is a great Q article to do this, but my question is actually about NAT'ing traffic. I have a PIX 515... Do you think NAT'ing is better than access lists? In other words, I have sort of shunned NAT'ing and NAT nothing at this point. Should I stay with my current trend or switch over to NAT'ing to accomplish my goal?
3. Currently my PIX uses local PIX accounts to allow local access. Does anyone know how, and/or how difficult it is, to set up the PIX 515 to work with MS RADIUS? I would like to do this so users can authenticate to the VPN using their network password.
4. Pulls from 3 too... Currently my users use the Cisco VPN client; I would also like to make it to where they can use the MS VPN connection as well... (with RADIUS working). I am not looking for a step-by-step answer here on the setup on the PIX, but what anyone thinks about this would be appreciated.
Thanks in Advance