RE: [fw-wiz] How AAA in PIX Firewall ?

From: Melson, Paul (PMelson_at_sequoianet.com)
Date: 12/03/03

  • Next message: NR: "[fw-wiz] SunScreen Log Analyzer"
    To: "Adel Guia Cruz" <aguia@fifomi.gob.mx>, <firewall-wizards@honor.icsalabs.com>
    Date: Wed, 3 Dec 2003 17:18:06 -0500
    
    

    -----Original Message-----
    > 1- How to implement AAA (Authentication, Authorization, Accounting) in
    > PIX firewall. I now that Cisco have the "Cisco Secure Access Control Server"
    > for AAA but is very expensive. Is possible to implement AAA without "Cisco
    > Secure ACS" in PIX firewall, if is possible what will bee the limitations ?

    The PIX will work with any standard RADIUS or TACACS server such as Microsoft
    IAS or FreeRADIUS. You only need Secure ACS for certain applications. Basic
    user authentication does not require Secure ACS.

    > 2- Is PIX 506 sufficient to me, or I need the next PIX 515-UR? I need at
    > less 75 concurrent VPN connections.

    The 506 is EOL, so I wasn't able to look up its capacity. The 506E (which is
    what you would have if you bought one in the last year or two), supports a
    maximum of 25 simultaneous IKE SAs, which doesn't meet your criteria.

    The next model up is the Cisco 515E which, with the VPN accelerator card that
    is included with an unrestricted (UR) bundle, can handle 2,000 simultaneous
    IKE SAs.

    PaulM
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: NR: "[fw-wiz] SunScreen Log Analyzer"

    Relevant Pages

    • Re: Password Management Issue
      ... delegating administration for AD (Quest has a really nice one)...and ... then Cisco has a handy one called Secure ACS that manages all their ... into an IdM solution. ...
      (microsoft.public.windows.server.security)
    • Re: Password Management Issue
      ... delegating administration for AD (Quest has a really nice one)...and ... then Cisco has a handy one called Secure ACS that manages all their ... into an IdM solution. ...
      (microsoft.public.security)
    • Re: Password Management Issue
      ... delegating administration for AD (Quest has a really nice one)...and ... then Cisco has a handy one called Secure ACS that manages all their ... into an IdM solution. ...
      (microsoft.public.win2000.security)