RE: [fw-wiz] How AAA in PIX Firewall ?

From: Wes Noonan (mailinglists_at_wjnconsulting.com)
Date: 12/03/03

    To: "'Adel Guia Cruz'" <aguia@fifomi.gob.mx>, <firewall-wizards@honor.icsalabs.com>
    Date: Wed, 3 Dec 2003 14:55:25 -0600
    
    

    1) The PIX 506 should work fine, as long as you don't need more than 2
    interfaces, failover or more than 25 VPN peers. You mention that you need
    75, but you might be better served using site-to-site VPN connections
    instead of individual VPNs for each user. If you really need 75 VPN peers
    though, then you have to go with a 515 or larger.
    2) Are you wanting AAA for controlling access to the firewall or controlling
    user access to the internet? If the former, you can use local usernames or
    RADIUS for authentication. If the latter, you can still use RADIUS for
    authentication, though I believe that you largely give up the ability to do
    authorization or accounting without TACACS+.

    HTH

    Wes Noonan
    Mailinglists@wjnconsulting.com
    http://www.wjnconsulting.com

    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com [mailto:firewall-wizards-
    > admin@honor.icsalabs.com] On Behalf Of Adel Guia Cruz
    > Sent: Wednesday, December 03, 2003 13:45
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: [fw-wiz] How AAA in PIX Firewall ?
    >
    > I need to implement a Firewall, VPN and IDS solution in my Central Office
    > network. The network structure is one Central Office with 150 nodes (50
    > nodes need Internet access) and 15 Remote Small Offices with 5 nodes per
    > Remote Office.
    >
    > The Central Office has only one Internet connection, HDSL 256Kbps, and the
    > remote offices are connected to the Central Office through the Internet.
    >
    > I think that Cisco PIX Firewall is a good choice but I need some advice:
    >
    > 1- How to implement AAA (Authentication, Authorization, Accounting) in
    > PIX firewall. I know that Cisco has the "Cisco Secure Access Control
    > Server" for AAA but it is very expensive. Is it possible to implement AAA
    > without "Cisco Secure ACS" in PIX firewall, and if it is possible, what
    > will be the limitations?
    > 2- Is PIX 506 sufficient for me, or do I need the next PIX 515-UR? I need
    > at least 75 concurrent VPN connections.
    >
    > Thanks
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
