Solved

RADIUS or TACACS+ Placement

Posted on 2007-12-05
2
697 Views
Last Modified: 2013-11-16
hI,
Setting up a DMZ (Internet-ASA-DMZ-ASA-LAN) as we are looking allow external access. (The DMZ will only host an SMTP relay server and some mail content inspection boxes at this point.)
Usres will use SSL VPN (Cisic ASA) to access some web based apps on the LAN and probabaly ACS radius (or TACACS+) for AAA against a W2003 AD.
I belive the ACS is installed on a windows server but I believe the server must be a member of the AD.
So in that respect, in terms of device placement, I believe that the internt connects to external ASA interface, the ACS box sits in the internal lan as a domain member (?), so the ASA must communicate some how with the ACS box over a particular port (?).
On the right track here? Thanks
0
Comment
Question by:58872
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Accepted Solution

by:
poweruser32 earned 500 total points
ID: 20456379
ya thats it-you can also use the asa for the radius but if you want to have even greater security putting the radius on another box creates a double edge effect like your doing-i am not certain can you put the server(radius) in a work group but i think it has to be on the domain but you are on the right track
0
 

Author Closing Comment

by:58872
ID: 31412994
Thanks
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. Here are 7 ways you can stay safe.
This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question