Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

RADIUS or TACACS+ Placement

Posted on 2007-12-05
2
Medium Priority
?
772 Views
Last Modified: 2013-11-16
hI,
Setting up a DMZ (Internet-ASA-DMZ-ASA-LAN) as we are looking allow external access. (The DMZ will only host an SMTP relay server and some mail content inspection boxes at this point.)
Usres will use SSL VPN (Cisic ASA) to access some web based apps on the LAN and probabaly ACS radius (or TACACS+) for AAA against a W2003 AD.
I belive the ACS is installed on a windows server but I believe the server must be a member of the AD.
So in that respect, in terms of device placement, I believe that the internt connects to external ASA interface, the ACS box sits in the internal lan as a domain member (?), so the ASA must communicate some how with the ACS box over a particular port (?).
On the right track here? Thanks
0
Comment
Question by:58872
2 Comments
 
LVL 16

Accepted Solution

by:
poweruser32 earned 2000 total points
ID: 20456379
ya thats it-you can also use the asa for the radius but if you want to have even greater security putting the radius on another box creates a double edge effect like your doing-i am not certain can you put the server(radius) in a work group but i think it has to be on the domain but you are on the right track
0
 

Author Closing Comment

by:58872
ID: 31412994
Thanks
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's take a look into the basics of ransomware—how it spreads, how it can hurt us, and why a disaster recovery plan is important.
Experts Exchange expands question security options for members.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question