10-04-2011 08:06 AM
Hi all,
I'm looking for some ideas, products e.g. that can help me to achieve the following scenario:
- We have several customers with Cisco ASA
- We want to provide our IT-Engineer staff a remote vpn access to each customer site
- We need a centraliced AAA for the enginer vpn-authentication (TACAC+, RADIUS e.g.)
- The centralized authentication server should be on our site. So each ASA (customer site) has to do the authentication
through the insecure internet to our AAA server
- Site-to-site is not an option (several customer sites have the same IP-range)
Any ideas?
Thanks a lot,
Norbert
10-04-2011 12:19 PM
Norbert
I would look at using certificates for this. So each customer ASA uses your centralised certificate server for authentication.
You can use something like Microsoft CA server to act as the certificate server.
There are plenty of docs on Cisco site for using certificates both with the VPN client and the ASA.
Jon
10-07-2011 02:03 PM
Thanks Jon
That would be an option. How about Kerberos, LDAPS?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide