Remote access users connecting to an ASA 5510

What is a better choice for authentication, a RADIUS server or a RAS server, when there are about 20 remote VPN users?
Asked by: PhPort
 
MikeKane commented:
There will probably be a lot more help available for the RADIUS solution. Cisco has the config examples on the website to follow.

 
PhPort (author) commented:
I need some clarification on the expert comment 'website to follow', as there has been nothing to follow. I would like to know which is a better solution. I believe it is RADIUS but wanted to know if there were any guidelines on when to use RADIUS and when to use RRAS.
 
MikeKane commented:
Should have read: Cisco has the config examples to follow on their website.

Which to use, there's no real hard rule of thumb. RADIUS has many more examples so might be easier to set up. RRAS might be attractive for those with an all-Microsoft back end or a requirement to keep it that way. IMHO, if you have a MS server structure in place, it might just be better to use an LDAP lookup instead of RRAS... my 2 cents.
 
PhPort (author) commented:
Thanks for that clarification. I appreciate your IMHO and believe that if you register the RADIUS server in Active Directory you are using those accounts to authenticate. I would like to know if anyone else has had to make a similar decision of choosing an authentication mechanism and which one they have chosen.
 
MikeKane commented:
Well, I've had this come up multiple times.

I usually opt for the AAA Server group for LDAP passthru for this whenever a Windows domain is available and usable. I've only had to do a standalone RADIUS install once, but it worked well and with little effort on the setup.

The LDAP passthru is nice because you can have the VPN logon test against a domain security group. Members of the group are allowed to connect. The Windows Admin only needs to drop people in that security group to enable VPN.
0
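
One way to express the group-gated LDAP authentication described in the comment above on an ASA, as an added example that is not from the thread's participants or from Cisco's documentation. The server address, DNs, bind account and object names (AD-LDAP, VPN-GROUP-MAP, GP-VPN-ALLOW, GP-NOACCESS, REMOTE-VPN) are assumed placeholders.

```cisco
! Added example; all names, DNs and addresses below are constructed placeholders.
! Map the AD memberOf attribute to an ASA group policy.
! (On some older software releases the Cisco attribute name is
!  IETF-Radius-Class rather than Group-Policy.)
ldap attribute-map VPN-GROUP-MAP
 map-name memberOf Group-Policy
 map-value memberOf CN=VPN-Users,OU=Groups,DC=example,DC=com GP-VPN-ALLOW
!
! AAA server group that queries the domain controller over LDAP.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ! Low-privilege read-only bind account, not a domain admin.
 ldap-login-dn CN=asa-bind,CN=Users,DC=example,DC=com
 ldap-login-password <bind-password>
 ! Without this the bind password and user credentials cross the wire in clear text.
 ldap-over-ssl enable
 ldap-attribute-map VPN-GROUP-MAP
!
! Default policy: zero simultaneous logins, so an authenticated user who is
! NOT in the security group is still refused a session.
group-policy GP-NOACCESS internal
group-policy GP-NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Policy applied only when memberOf matches the VPN security group.
group-policy GP-VPN-ALLOW internal
group-policy GP-VPN-ALLOW attributes
 vpn-simultaneous-logins 3
!
! Remote-access tunnel group: authenticate against LDAP, deny by default.
tunnel-group REMOTE-VPN type remote-access
tunnel-group REMOTE-VPN general-attributes
 authentication-server-group AD-LDAP
 default-group-policy GP-NOACCESS
```

The deny-by-default group policy is what makes group membership an access check rather than just a label: a valid domain password alone does not grant VPN access.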
 
MikeKane commented:
He asked for an opinion; I gave him my opinions and some direction to consider.
 
PhPort (author) commented:
Sorry for not getting back sooner; I had to attend to an important family matter. I believe I was asking if there were any guidelines on selecting between RADIUS and RAS. This question was not answered. I did get some helpful comments that led me to doing further research. I am new to this, as this was my first question asked. I believe points should be awarded. Is the only option all points awarded when one person responds and only part of the question is answered?
 
MikeKane commented:
You can award all points, but give a lower grade on the question. Or you can split points between the expert and one of your own answers if you like.
 
PhPort (author) commented:
The answer was helpful but did not completely answer my question. It led me to look up and find further information on the topic.