Solved

radius windows 2000 and multiple VPN's

Posted on 2004-09-15
Last Modified: 2010-04-11
Hello All

I am looking into setting up radius on my network. I read win2k has a version of radius with their win2k server disk. One of many questions so far: will radius mess with my existing VPNs that I have set up? I have a few point-to-point VPNs and one remote access.
I am looking into this because we are adding more and more users to remote access via Cisco client and I need a way to monitor that gets and what they are doing. Also, if a user leaves us and was formerly using remote access, I have to change the password for the vpngroup to prevent access to our domain.
So in closing, can radius do all of that, and is it feasible to set this up with existing VPNs on my pix 515e?

Thanks in advance
Experts-Exchange junky
Brian Keegan



Question by:briankeegan
14 Comments
 
LVL 15

Assisted Solution

by:Yan_west
Yan_west earned 250 total points
ID: 12069453
Yes, it is feasible.. that is what we are doing here.. here is our config related to this..


aaa-server radius protocol radius
aaa-server partnerauth protocol radius
aaa-server partnerauth (inside) host 192.168.1.5 radpassword timeout 5

Then you config your radius server on your windows 2000

http://www.microsoft.com/windows2000/techinfo/administration/radius.asp
0
 
LVL 1

Author Comment

by:briankeegan
ID: 12069489
And my other VPNs that are already running won't mess up? And does this go on a firewall or router? And is there a radius client and a cisco vpn client going at the same time?
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12069505
No, because they already have an independent user database.. if you do not configure your other firewalls to use the radius server, they will stay independent.
0

 
LVL 1

Author Comment

by:briankeegan
ID: 12069577
I only have one firewall.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12069589
They, your user will have to authenticate through their domain user account.. Don't see why it would be a problem??
0
 
LVL 1

Author Comment

by:briankeegan
ID: 12069612
Oh, we are a medical billing company. We connect to other sites. Well, the one that really concerns me is the point-to-point to Columbia. Although we connect to them, they really don't use ours.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12070336
Anyways, the Radius server will only be used by users using the cisco vpn client, right? I don't see why it would affect the other connection. A site to site VPN between 2 locations doesn't use radius..
0
 
LVL 1

Author Comment

by:briankeegan
ID: 12071150
Maybe this is why I am confused. Can I make just the vpn client use radius? If that is so, what extra configs do I need at the desktop level? What do I change in the vpngroup?

Sorry if these seem like dumb questions, but I was honestly trying to figure this out myself and I must not be reading the correct stuff.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12071214
Hmm, a vpn client config uses a Group, with an associated password. This group is associated with an ACL. When the user logs in, he gets prompted for his credentials.. the credentials get authenticated on the radius server.

A tunnel doesn't really use groups, it's only a tunnel between 2 locations. After this, you have to determine what will be accessed by the remote location on your location, and write an ACL that permits this location to get in..

I'm at home right now, and it's getting late :) I'll give you the config tomorrow.. I've done that a while ago.. will make me a small revision :)
0
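Added example, not taken from any poster's configuration: a PIX 6.x fragment showing how RADIUS user authentication is limited to Cisco VPN Client sessions while a site-to-site peer on the same crypto map is exempted. The two `aaa-server partnerauth` lines are from the first reply; the crypto map name `mymap`, the group name `remoteusers`, the peer address 203.0.113.10 and the key placeholders are assumptions for illustration.

```cisco
: RADIUS server group, as posted in the first reply
aaa-server partnerauth protocol radius
aaa-server partnerauth (inside) host 192.168.1.5 radpassword timeout 5

: Require extended authentication (Xauth) against that server group.
: This applies to every IKE peer that negotiates through crypto map "mymap"
: (hypothetical name), not only to VPN Client users.
crypto map mymap client authentication partnerauth

: Site-to-site peer (constructed address): exempt it from Xauth and mode
: config, otherwise the PIX challenges the remote gateway for a username
: and the existing tunnel stops coming up.
isakmp key <site-to-site-key> address 203.0.113.10 netmask 255.255.255.255 no-xauth no-config-mode

: Remote-access group (hypothetical name). The group password stays a shared
: secret loaded into every client profile; each user is additionally prompted
: for a username and password, which the PIX checks against RADIUS.
vpngroup remoteusers password <group-password>
```

With this in place a departing user is cut off by disabling the account that the RADIUS server authenticates against, and the vpngroup password no longer has to change for each departure.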
 
LVL 1

Author Comment

by:briankeegan
ID: 12072150
Thanks a lot
0
 
LVL 23

Accepted Solution

by:
Tim Holman earned 250 total points
ID: 12072482
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12074340
Well, use this link, it is excellent as I can see it.. :)
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12112233
Is it working?
0
 
LVL 1

Author Comment

by:briankeegan
ID: 12112256
Not yet, I still have a little work to do. But since y'all answered the question, I figured it only fair to give the points.

Again, thanks. The site from grblades was good, but I have Windows and that is for Linux/Unix I think, but it helped with my pix config.
0
