Solved

Setting up Cisco VPN using RADIUS

Posted on 2013-11-04
Last Modified: 2013-11-08
The technology service company that I work for has been setting up every customer with a VPN user account without using RADIUS. I am new to the company (one and a half years), as is almost everyone here, and we wondered why we aren't using RADIUS for setting up these companies. 99% of them have a domain server and 99% of them require VPN access. We have standardized the use of Cisco ASA devices. So is there a good reason why we shouldn't use RADIUS? Is it best practice to use RADIUS? We have been arguing with the owner about this for months. Our clients typically have a tech guy and they ask why we didn't set it up. I don't have an answer for them. Anyway, our boss will not listen to us, so I need outside help. If you have any Cisco, MS or CISSP certs, please include what you have so I have fuel for the fire.

Thanks!
Question by:justind39

Expert Comment

by:max_the_king
Hi,
you may use RADIUS and ... you may as well not ...
Basically, without using RADIUS you are relying on a local database account on the ASA, which is pretty manageable by the ASA administrator. You may configure alerts and logging on it, keeping track of every single VPN connection, and archive them into log files as well. So it is really a "full world", all managed by the ASA administrator.
The other way round, when you use RADIUS, you are using Active Directory accounts to do a single sign-on logon and get authorized to reach what that user would when logged into the LAN. This of course will be managed by AD administrators, and this is the main difference in any organization.
So the question is ... who must be responsible for VPN connections into your organization? Who is the one that will be called up overnight when something is not going as expected?

I could go on with thousands of real-life examples, but for any point assigned to one technology, you will always find points for the other one as well.

hope this helps
max

Author Comment

by:justind39
Max, thanks for the info. Right now we have more people that can manage AD than ASA devices. Is there any security advantage or disadvantage from RADIUS? Thanks,

Accepted Solution

by:
max_the_king earned 500 total points
Hi,
RADIUS may well be considered secure, and it is a well-known security standard. So it is a security advantage, no doubt.
You will end up creating a rule on the ASA that will permit access to a RADIUS server for authentication, and typically you will create a security group in Active Directory which will be filled with all or a subset of your users. This means that whenever you need to add any domain user to the list of VPN users, you just need to add those users to that security group. Of course those users will still need the Cisco VPN client to bring up the IPsec tunnel to the ASA, and their credentials will have to match the Active Directory user and password, and no longer the local ASA database.

hope this helps
max
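
The ASA side of the change described in the accepted answer, shown as local-database authentication beside the RADIUS-backed form. This is an added example, not part of the original answer: the names `AD-RADIUS` and `RA-VPN`, the `inside` interface, the user `jdoe` and the server address are assumptions, and the restriction to the Active Directory security group is assumed to be enforced by the RADIUS server's own policy, not by the ASA.

```cisco
! Added example. Group, tunnel-group and interface names, the user name and
! the server address (192.0.2.10, documentation range) are assumptions.

! --- Before: VPN users live in the ASA local database ---
username jdoe password <per-user-password>
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 authentication-server-group LOCAL

! --- After: VPN logins are checked against AD through a RADIUS server ---
aaa-server AD-RADIUS protocol radius
aaa-server AD-RADIUS (inside) host 192.0.2.10
 key <shared-secret>
 authentication-port 1812
 accounting-port 1813

tunnel-group RA-VPN general-attributes
 ! LOCAL is used only if no server in AD-RADIUS responds, so keep the
 ! local database down to a break-glass admin account.
 authentication-server-group AD-RADIUS LOCAL
 ! Send session start/stop records to the same server for an audit trail.
 accounting-server-group AD-RADIUS

! Verify from the ASA before moving users over (exec mode, not config mode)
test aaa-server authentication AD-RADIUS host 192.0.2.10 username jdoe password <password>
```

Once the RADIUS group is in place, removing a user from the AD security group or disabling the AD account revokes VPN access without touching the ASA, provided no matching per-user account is left in the local database.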