Solved

RADIUS or TACACS+ Placement

Posted on 2007-12-05
2
668 Views
Last Modified: 2013-11-16
hI,
Setting up a DMZ (Internet-ASA-DMZ-ASA-LAN) as we are looking allow external access. (The DMZ will only host an SMTP relay server and some mail content inspection boxes at this point.)
Usres will use SSL VPN (Cisic ASA) to access some web based apps on the LAN and probabaly ACS radius (or TACACS+) for AAA against a W2003 AD.
I belive the ACS is installed on a windows server but I believe the server must be a member of the AD.
So in that respect, in terms of device placement, I believe that the internt connects to external ASA interface, the ACS box sits in the internal lan as a domain member (?), so the ASA must communicate some how with the ACS box over a particular port (?).
On the right track here? Thanks
0
Comment
Question by:58872
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Accepted Solution

by:
poweruser32 earned 500 total points
ID: 20456379
ya thats it-you can also use the asa for the radius but if you want to have even greater security putting the radius on another box creates a double edge effect like your doing-i am not certain can you put the server(radius) in a work group but i think it has to be on the domain but you are on the right track
0
 

Author Closing Comment

by:58872
ID: 31412994
Thanks
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SYSVOL folder permission security best practice ? 14 148
Cisco AnyConnect VPN 4 47
Microsoft Security Bulletin MS17-010 - Critical 11 116
WSUS - Updates Approval 2 35
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question