Swift

asked on

Cisco ASA - LDAP versus Radius

If a decision has to be taken between integrating Cisco's ASA with either the Windows 2003 based LDAP that sits on the inside interface, or an NPS/IAS configured on a Windows 2003/2008 member server to emulate 802.1x (RADIUS) authentication, what should the deciding factors be, based upon ease of configuration, security and future scalability?

Please advise!
marcokrecic

Microsoft NPS/IAS has these benefits:

- it is an implicitly trusted object in Active Directory and the configuration is simple
- it is best for scalability because it is a centralized object
- it is natively ready for a future NAC/NAP implementation
- it simplifies the job of systems administrators (infrastructure backup, generic troubleshooting)
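As an added illustration, not part of the thread, here are the two ASA `aaa-server` configurations the question is choosing between, side by side: an LDAPS group pointing straight at a domain controller, and a RADIUS group pointing at an NPS/IAS server. Group names, IP addresses, DNs, the bind password and the shared secret are placeholders. The `test aaa-server` commands at the end are the check to run from the ASA CLI before binding either group to a tunnel-group or to management access.

```cisco
! --- Option A: the ASA binds to Active Directory itself over LDAPS (placeholder values) ---
aaa-server AD-LDAPS protocol ldap
aaa-server AD-LDAPS (inside) host 10.1.1.10
 server-port 636
 ldap-over-ssl enable
 server-type microsoft
 ldap-base-dn DC=corp,DC=example,DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ! bind account: a low-privilege AD user; its password is stored in the ASA configuration
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=corp,DC=example,DC=local
 ldap-login-password <bind-password>

! --- Option B: the ASA speaks RADIUS to NPS/IAS, which performs the AD lookup ---
aaa-server NPS-RADIUS protocol radius
aaa-server NPS-RADIUS (inside) host 10.1.1.20
 key <shared-secret>
 ! the ASA defaults to the legacy ports 1645/1646; set 1812/1813 explicitly to match NPS
 authentication-port 1812
 accounting-port 1813

! --- Check either group from the ASA CLI before relying on it ---
test aaa-server authentication AD-LDAPS host 10.1.1.10 username jdoe password <pw>
test aaa-server authentication NPS-RADIUS host 10.1.1.20 username jdoe password <pw>
```

The comparison the configuration makes visible: with option A the domain controller's LDAPS port must be reachable from the ASA and a directory bind password lives in the firewall configuration, whereas with option B the ASA holds only a RADIUS shared secret, the firewall never talks to the domain controller directly, and every authentication request is logged centrally on the NPS, which is the same policy point that 802.1X clients would use later.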
 
Swift

ASKER

Thanks for the reply, Marc.

I need to understand the first two points a bit more.

If we maintain that IAS has an implicit trust in AD, then so does the secure-LDAP connection to my AD. The part about the configuration being simple with IAS is understandable.

Also, please explain the part about 'best for scalability' because of being a centralised object?

Does opening up an sLDAP port via my firewall to my domain controller have its security hazards?

Also, would it be a good scenario to configure IAS/NPS on my domain controllers for easy access to the 'GC', vis-à-vis creating its own member server in the domain?

I have no time to reply at this moment. I will reply tonight. Thanks. Bye.
ASKER CERTIFIED SOLUTION
marcokrecic