Solved

RADIUS or TACACS+ Placement

Posted on 2007-12-05
Last Modified: 2013-11-16
Hi,
Setting up a DMZ (Internet-ASA-DMZ-ASA-LAN) as we are looking to allow external access. (The DMZ will only host an SMTP relay server and some mail content inspection boxes at this point.)
Users will use SSL VPN (Cisco ASA) to access some web-based apps on the LAN and probably ACS RADIUS (or TACACS+) for AAA against a W2003 AD.
I believe the ACS is installed on a Windows server, but I believe the server must be a member of the AD.
So in that respect, in terms of device placement, I believe that the Internet connects to the external ASA interface, the ACS box sits in the internal LAN as a domain member (?), so the ASA must communicate somehow with the ACS box over a particular port (?).
On the right track here? Thanks
Question by:58872
2 Comments
 
Accepted Solution

by:
poweruser32 earned 500 total points
ID: 20456379
Yeah, that's it. You can also use the ASA for the RADIUS, but if you want to have even greater security, putting the RADIUS on another box creates a double-edge effect, like you're doing. I am not certain whether you can put the (RADIUS) server in a workgroup, but I think it has to be on the domain. But you are on the right track.

Author Closing Comment

by:58872
ID: 31412994
Thanks
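On the port question raised above, here is an added configuration sketch that is not part of the original thread. It assumes the outer ASA terminates the SSL VPN and reaches the ACS server through the inner ASA; the interface name `dmz`, the group and ACL names, and all addresses are constructed placeholders. RADIUS uses UDP 1812 (authentication) and 1813 (accounting); TACACS+ uses TCP 49.

```cisco
! --- Outer ASA (assumed to terminate the SSL VPN) ---
! "dmz" is the assumed name of the interface facing the DMZ.
! 10.10.10.20 is a constructed address for the ACS server on the LAN,
! assumed to be routed through the inner ASA without NAT.
aaa-server ACS-RADIUS protocol radius
aaa-server ACS-RADIUS (dmz) host 10.10.10.20
 key <shared-secret>
 ! Ports set explicitly so the AAA client, the firewall rule and ACS agree.
 authentication-port 1812
 accounting-port 1813
!
! Point the SSL VPN tunnel group at the external AAA server group.
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group ACS-RADIUS
!
! --- Inner ASA (between DMZ and LAN) ---
! Allow only the outer ASA's DMZ-side address (192.0.2.2, constructed)
! to reach the ACS server, and only on the RADIUS ports.
access-list DMZ_IN extended permit udp host 192.0.2.2 host 10.10.10.20 eq 1812
access-list DMZ_IN extended permit udp host 192.0.2.2 host 10.10.10.20 eq 1813
! TACACS+ alternative: one TCP port instead of the two UDP ports.
! access-list DMZ_IN extended permit tcp host 192.0.2.2 host 10.10.10.20 eq 49
!
! The ACL ends in an implicit deny, so other DMZ-to-LAN flows
! (for example the SMTP relay) need their own entries in DMZ_IN.
access-group DMZ_IN in interface dmz
```

The same shared secret must be configured for the ASA as an AAA client on the ACS side, and the source address ACS sees must match the one it has registered for that client.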