Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 455
  • Last Modified:

Setting up Cisco VPN using RADIUS

The technology service company that I work for has been setting up every customer a VPN user account without using RADIUS.  I am new to the company 1 and half years and we have some almost everyone is new and we wondered why we aren't using RADIUS for setting up these companies.  99% of them have a domain server and 99% of them require VPN access.  We have standardized the use of Cisco ASA devices.  So is there a good reason why we shouldn't use RADIUS?  Is it best practice to use RADIUS?  We have been arguing with the owner about this for months.  Our clients typically have a tech guy and they ask why we didn't set it up.  I don't have an answer for them.  Anyway our boss will not listen to use so I need outside help.  If you have any Cisco, MS or CIISP certs please include what you have so i have fuel for the fire.  

Thanks!
0
Justin Alcorta
Asked:
Justin Alcorta
  • 2
1 Solution
 
max_the_kingCommented:
Hi,
you may use Radius and ... you may as well not ...
basically, without using radius you are relying on a local database account into the ASA, which is pretty manageable by ASA administrator. You may configure alerts and logging on it keeping trace of every single vpn connection and as well archive them into log files. So it is really a "full world", all managed by ASA administrator.
The other way round, when you use Radius, you are using Active Directory accounts to do a Single SignOn logon and get authorized to reach what that user would be when logged into the LAN. This of course will be managed by AD administrators and this is the main difference into any organization.
So the question is ... who must be responsible of VPN connections into you organization ? Who is the one that will be called up overnight when something is not going as expected ?

I could go on with thousands life examples, but for any point assigned to one technology, you will always find points to the other one as well.

hope this helps
max
0
 
Justin AlcortaEnterprise Systems AnalystAuthor Commented:
Max thanks for the info.  Right now we have more people that can manage AD than ASA devices.  Is there any security advantage or disadvantage from RADIUS?  Thanks,
0
 
max_the_kingCommented:
Hi,
Radius may well be considered secure, and it is a well known security standard. So it is a security advantage, no doubt.
You will end up creating a rule on the ASA that will permit access to a Radius server for authentication and tipically you will create a security group on Active Directory which will be filled up with all or a subset of your users. This means that whenever you need to add up any domain user to the list of VPN users, you just need to add those users to that security group. Of course those users will still need the vpn cisco client to bring up ipsec tunnel to ASA and their credentials will have to match the Active Directory user and password, and no longer the local ASA database.

hope this helps
max
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now