VPN & ACS question

netman2k5
Level 1

Hi,

This may be a stupid question but I need to learn about security issues, so here is my question: if remote end users can access their corporate network securely via VPN, then why do they need an ACS solution? Thanks for educating me.

steve.busby
Level 5

Two separate but complementary items.

VPN allows encrypted tunneling, while the ACS does the actual AAA actions. Yes, you could also do AAA (limited) on just the Cisco VPN concentrator platform, but you can get more centralized control by utilizing the VPN Concentrator and ACS solution.

As an example, if you only use the authentication/access controls on the VPN concentrator, how would you grant VPN users access to resources inside the network? You would have to go to each device and set up user accounts for each VPN user.

Now what if you had a central server that no matter what the individual tried to access, their credentials could be checked in one location and they would be either granted or denied access?

I know this is a very simplistic overview, but if you need more detail, feel free to ask and I'm sure others with more exposure (and some good introductory links) will post.

HTH

Steve

Hi Steve,

Thanks for the quick help. Couldn't we use the VPN config on the VPN concentrator to limit remote access to certain servers inside the network without AAA? Anyway, according to your explanation, VPN users can remotely access the VPN concentrator and will then be checked against the ACS server for further access into the network. Thanks again.

My examples weren't too clear. You are correct in that you can provide server access to your VPN users through VPN concentrator AAA filters.

In the environment where I work we also use ACS to authenticate wireless users, AS5300 dial-up users, and access to our routers and switches.

Here's a link that hopefully explains this a little more clearly:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080205a5d.html

HTH

Steve

Thanks a lot for your efforts, Steve.