Setting up Cisco VPN using RADIUS

Posted on 2013-11-04
Last Modified: 2013-11-08
The technology service company that I work for has been setting up every customer a VPN user account without using RADIUS.  I am new to the company 1 and half years and we have some almost everyone is new and we wondered why we aren't using RADIUS for setting up these companies.  99% of them have a domain server and 99% of them require VPN access.  We have standardized the use of Cisco ASA devices.  So is there a good reason why we shouldn't use RADIUS?  Is it best practice to use RADIUS?  We have been arguing with the owner about this for months.  Our clients typically have a tech guy and they ask why we didn't set it up.  I don't have an answer for them.  Anyway our boss will not listen to use so I need outside help.  If you have any Cisco, MS or CIISP certs please include what you have so i have fuel for the fire.  

Question by:justind39
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 16

Expert Comment

ID: 39623637
you may use Radius and ... you may as well not ...
basically, without using radius you are relying on a local database account into the ASA, which is pretty manageable by ASA administrator. You may configure alerts and logging on it keeping trace of every single vpn connection and as well archive them into log files. So it is really a "full world", all managed by ASA administrator.
The other way round, when you use Radius, you are using Active Directory accounts to do a Single SignOn logon and get authorized to reach what that user would be when logged into the LAN. This of course will be managed by AD administrators and this is the main difference into any organization.
So the question is ... who must be responsible of VPN connections into you organization ? Who is the one that will be called up overnight when something is not going as expected ?

I could go on with thousands life examples, but for any point assigned to one technology, you will always find points to the other one as well.

hope this helps

Author Comment

ID: 39624961
Max thanks for the info.  Right now we have more people that can manage AD than ASA devices.  Is there any security advantage or disadvantage from RADIUS?  Thanks,
LVL 16

Accepted Solution

max_the_king earned 500 total points
ID: 39626648
Radius may well be considered secure, and it is a well known security standard. So it is a security advantage, no doubt.
You will end up creating a rule on the ASA that will permit access to a Radius server for authentication and tipically you will create a security group on Active Directory which will be filled up with all or a subset of your users. This means that whenever you need to add up any domain user to the list of VPN users, you just need to add those users to that security group. Of course those users will still need the vpn cisco client to bring up ipsec tunnel to ASA and their credentials will have to match the Active Directory user and password, and no longer the local ASA database.

hope this helps

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
QoS on Cisco router 10 59
Decommissioning DNS server question 3 64
Server 2016 FTP 5 23
RDP exploit 13 19
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question