Solved

radius windows 2000 and multiple VPN's

Posted on 2004-09-15
14
311 Views
Last Modified: 2010-04-11
Hello All

                     I am looking into setting up radius on my network. I read win2k has a version of radius with their win2k server disk. One of many questions so far wills radius mess with my existing vpn's that I have set up? I have a few point-to-point vpn's and one remote access.
                     I am looking into this because we are adding more and more users to remote access via Cisco client and I need a way to monitor that gets and what they are doing. Also if a user leaves us and was formally using remote access I have to change the password for the vpngroup to prevent access to our domain.
                      So in closeting can radius do all of that and is it feasible to set this up with existing vpn’s on my pix 515e?

Thanks in advance
Experts-Exchange junky
Brian Keegan



0
Comment
Question by:briankeegan
  • 7
  • 6
14 Comments
 
LVL 15

Assisted Solution

by:Yan_west
Yan_west earned 250 total points
Comment Utility
Yes it is feasable.. that is what we are doing here.. here is our config related to this..


aaa-server radius protocol radius
aaa-server partnerauth protocol radius
aaa-server partnerauth (inside) host 192.168.1.5 radpassword timeout 5

Then you config your radius server on your windows 2000

http://www.microsoft.com/windows2000/techinfo/administration/radius.asp
0
 
LVL 1

Author Comment

by:briankeegan
Comment Utility
and my  other vpns that are already running wont mess up? and does this go on a firewall or router? and is thewre a radius client and a cisco vpn client going at same time?
0
 
LVL 15

Expert Comment

by:Yan_west
Comment Utility
No, because they already have an independant user database.. if you do not configure your other firewalls to use the radius server, they will stay independant.
0
 
LVL 1

Author Comment

by:briankeegan
Comment Utility
I only have one firewall.
0
 
LVL 15

Expert Comment

by:Yan_west
Comment Utility
They, your user will have to authenticate through their domain user account.. Don't see why it would be a problem??
0
 
LVL 1

Author Comment

by:briankeegan
Comment Utility
oh we are a medical billing company. we connect to other sites. wel the one that really conserns me is the point to point to columbia. although we connect to them they really dont use ours.
0
 
LVL 15

Expert Comment

by:Yan_west
Comment Utility
Anyways, the Radius server will only be used by users using the cisco vpn client right? I don't see why it would affect the other connection. A site to site VPN between 2 locations doesnt use radius..
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 1

Author Comment

by:briankeegan
Comment Utility
maybe this is why i am confused. can  make just the vpncleint use radius? if that is so what extra configs do i need at the desktop level? what do i change in the vpngroup?

sorry if this seems like dumb questions but i was trying to honestly figure out this my self and i must not be reading the correct stuff.
0
 
LVL 15

Expert Comment

by:Yan_west
Comment Utility
Hmm, a vpn client config uses a Group, with an associated password. This group is associated with an ACL. When the user log in, he get prompted for his credentials.. the credentials get authenticated on the radius server.

A tunnel doesnt really use groups, it's only a tunnel between 2 locations. After this, you have to determine what will be accessed by the remote location on your location, and write an ACL that permit this location to get in..

I'm at home right now, and it'S getting late :) i'll give you the config tomorrow.. I've done that a while ago.. will make me a small revision :)
0
 
LVL 1

Author Comment

by:briankeegan
Comment Utility
thanks allot
0
 
LVL 23

Accepted Solution

by:
Tim Holman earned 250 total points
Comment Utility
0
 
LVL 15

Expert Comment

by:Yan_west
Comment Utility
Well, use this link, it is excellent as I can see it.. :)
0
 
LVL 15

Expert Comment

by:Yan_west
Comment Utility
Is it working?
0
 
LVL 1

Author Comment

by:briankeegan
Comment Utility
not yet i still have a little work to do. but sence yall answered the question figured only fair to give the points.

again thanks the site from grblades was good but i have windows that is for linux/unix i think but it helped with my pix config.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Some time ago I was asked to set up a web portal PC to put at our entrance. When customers arrive, they could see a webpage 'promoting' our company. So I tried to set up a windows 7 PC as a kiosk PC.......... I will spare you all the annoyances I…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now