Selection options - Authentication via Radius, ACS , etc

bberry · ‎07-11-2006

I hope this is in the proper forum.

I am in the process of finding a solution for needing Radius authentication support for WebVPN/SSLVPN. There seem to ba a lot of options in the market (Windows -vs- Linux) as well as Cisco's ACS product. Is there anything I should be aware of or look for in regards to compatability and/or setup issues. One thing I would like to be able to do is have this new server communicate with Active Directory so that I only have one place for user names and passwords. I am also hoping to use this for router/switch authentication once it is in place.

We have both windows & Linus servers so there currently is not a preference of one over the other. It seems that FreeRadius (Linux) seems to be a popular version but am wondering what other's are using. I am expecting that whatever we get the complicated part will be the setup & server configuration.

Brent

grant.maynard · ‎07-14-2006

I know the PIX/ASA from v7 and also the VPN3000 can authenticate directly with AD.

There used to be issues with PPTP which meant you had to use ACS as an intermediary but I don't think that's relevant to you.

Check the data sheets and sample configs on Cisco web site under Tech Support - Documentation - Product Support.

bberry · ‎07-24-2006

Sorry for the delay and thanks for the response.

The issue that I have is that I have to pass a group back to the 3020 to get folks into the proper place when connecting via WebVPN or SSL VPN. According to the docs the 3020 does not support native LDAP and I therefor have to go through a Radius server. We have been using the Steel Belted Radius product and given the price I am hoping to get ACS instead.

Brent