RE: [fw-wiz] How AAA in PIX Firewall ?
From: Melson, Paul (PMelson_at_sequoianet.com)
To: "Adel Guia Cruz" <email@example.com>, <firstname.lastname@example.org> Date: Wed, 3 Dec 2003 17:18:06 -0500
> 1- How to implement AAA (Authentication, Authorization, Accounting) in
> PIX firewall. I now that Cisco have the "Cisco Secure Access Control Server"
> for AAA but is very expensive. Is possible to implement AAA without "Cisco
> Secure ACS" in PIX firewall, if is possible what will bee the limitations ?
The PIX will work with any standard RADIUS or TACACS server such as Microsoft
IAS or FreeRADIUS. You only need Secure ACS for certain applications. Basic
user authentication does not require Secure ACS.
> 2- Is PIX 506 sufficient to me, or I need the next PIX 515-UR? I need at
> less 75 concurrent VPN connections.
The 506 is EOL, so I wasn't able to look up its capacity. The 506E (which is
what you would have if you bought one in the last year or two), supports a
maximum of 25 simultaneous IKE SAs, which doesn't meet your criteria.
The next model up is the Cisco 515E which, with the VPN accelerator card that
is included with an unrestricted (UR) bundle, can handle 2,000 simultaneous
firewall-wizards mailing list