RADIUS or TACACS+ Placement

hI,
Setting up a DMZ (Internet-ASA-DMZ-ASA-LAN) as we are looking allow external access. (The DMZ will only host an SMTP relay server and some mail content inspection boxes at this point.)
Usres will use SSL VPN (Cisic ASA) to access some web based apps on the LAN and probabaly ACS radius (or TACACS+) for AAA against a W2003 AD.
I belive the ACS is installed on a windows server but I believe the server must be a member of the AD.
So in that respect, in terms of device placement, I believe that the internt connects to external ASA interface, the ACS box sits in the internal lan as a domain member (?), so the ASA must communicate some how with the ACS box over a particular port (?).
On the right track here? Thanks
58872Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
poweruser32Connect With a Mentor Commented:
ya thats it-you can also use the asa for the radius but if you want to have even greater security putting the radius on another box creates a double edge effect like your doing-i am not certain can you put the server(radius) in a work group but i think it has to be on the domain but you are on the right track
0
 
58872Author Commented:
Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.