briankeegan
asked on
radius windows 2000 and multiple VPN's
Hello All
I am looking into setting up radius on my network. I read win2k has a version of radius with their win2k server disk. One of many questions so far: will radius mess with my existing VPNs that I have set up? I have a few point-to-point VPNs and one remote access.
I am looking into this because we are adding more and more users to remote access via Cisco client and I need a way to monitor that gets and what they are doing. Also, if a user leaves us and was formerly using remote access, I have to change the password for the vpngroup to prevent access to our domain.
So in closing, can radius do all of that, and is it feasible to set this up with existing VPNs on my pix 515e?
Thanks in advance
Experts-Exchange junky
Brian Keegan
No, because they already have an independent user database.. if you do not configure your other firewalls to use the radius server, they will stay independent.
ASKER
I only have one firewall.
They, your user will have to authenticate through their domain user account.. Don't see why it would be a problem??
ASKER
Oh, we are a medical billing company. We connect to other sites. Well, the one that really concerns me is the point-to-point to columbia. Although we connect to them, they really don't use ours.
Anyways, the Radius server will only be used by users using the cisco vpn client, right? I don't see why it would affect the other connection. A site-to-site VPN between 2 locations doesn't use radius..
ASKER
Maybe this is why I am confused. Can I make just the vpnclient use radius? If that is so, what extra configs do I need at the desktop level? What do I change in the vpngroup?
Sorry if these seem like dumb questions, but I was honestly trying to figure this out myself and I must not be reading the correct stuff.
Hmm, a vpn client config uses a Group, with an associated password. This group is associated with an ACL. When the user logs in, he gets prompted for his credentials.. the credentials get authenticated on the radius server.
A tunnel doesn't really use groups, it's only a tunnel between 2 locations. After this, you have to determine what will be accessed by the remote location on your location, and write an ACL that permits this location to get in..
I'm at home right now, and it's getting late :) I'll give you the config tomorrow.. I've done that a while ago.. will make me a small revision :)
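An added illustration of the split discussed above, not the config promised in the thread and not taken from anyone's firewall: on PIX OS 6.x, per-user RADIUS authentication is bound to the crypto map that serves VPN clients, while each site-to-site peer is exempted with `no-xauth no-config-mode`. The server tag, group name, pool, map name, addresses and secrets are all placeholders.

```cisco
: Constructed example for PIX OS 6.x. Every name, address and secret is a placeholder.

: RADIUS server group (tag "vpnauth" is hypothetical) pointing at the internal RADIUS host.
aaa-server vpnauth protocol radius
aaa-server vpnauth (inside) host 10.0.0.10 <radius-shared-secret> timeout 10

: Address pool and group for Cisco VPN client users (names are hypothetical).
ip local pool vpnpool 10.0.50.1-10.0.50.50
vpngroup remoteusers address-pool vpnpool
vpngroup remoteusers password <group-password>

: After the group password is accepted, prompt each client for a username and
: password (Xauth) and check them against the RADIUS server group.
crypto map outside_map client authentication vpnauth

: Site-to-site peer: exempt it from Xauth and mode-config so the tunnel keeps
: negotiating with its pre-shared key only.
isakmp key <site-to-site-psk> address 192.0.2.1 netmask 255.255.255.255 no-xauth no-config-mode
```

With per-user authentication in place, disabling a departed user's account on the RADIUS side blocks that user's VPN login without changing the vpngroup password.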
ASKER
Thanks a lot.
Well, use this link, it is excellent as I can see it.. :)
Is it working?
ASKER
Not yet, I still have a little work to do. But since y'all answered the question, I figured it only fair to give the points.
Again, thanks. The site from grblades was good, but I have Windows and that is for linux/unix, I think, but it helped with my pix config.