I will be setting up two remote offices to connect to our main office. I will be configuring each branch office router to run a site-to-site VPN to the main office.
I want to have individual users authenticate themselves with our ACS server at the main site. I have looked into Auth Proxy and it seems like the way to go. I have a few questions though...
Do I enable Auth Proxy on the branch router or on the main office router?
I know the VPN tunnel will only be created after interesting traffic comes through... If I turn on Auth Proxy on the main router, will the auth proxy requests from the branch office user initiate the tunnel? If I turn it on at the branch router, will the auth proxy traffic to the ACS server from the branch office activate the tunnel? Also, will it time out before the tunnel comes up?
It seems like the smart place to put the Auth Proxy would be the main site router. It would be easier to control/configure/maintain.
Is there a design guide to using Auth Proxy for remote offices?
Are there any gotchas?