Firewall Wizards mailing list archives

RE: How AAA in PIX Firewall ?


From: "Ray Burkholder" <ray () oneunified net>
Date: Sun, 7 Dec 2003 00:25:30 -0500

1) Cisco has a VPN client pack with 100 clients for a few hundred dollars.
PIX 501's should run you in the $500 to $700 range each in quantity.  I'd
recommend them if you have small offices to handle, otherwise use the VPN
client pack.  Be sure your central site has a VPN hardware accelerator for
handling multiple units.  A PIX 515 with the accelerator or a 3600 series
router with an accelerator should suffice.

2) Windows 2000 server has a Radius server built in which will authenticate
against Active Directory.  Alternatively, you can use a Linux box running
FreeRadius, which will authenticate with Active Directory in LDAP mode.  I'm
not sure exactly what type of URL filtering you wish to do, so these may not
work quite right for you.  Authentication and logging works well in either
scenario.

Ray Burkholder
http://www.oneunified.net
704 576 5101



1) The problem of use site-to-site VPN is that I need to buy 1 PIX Firewall
per remote office (Total of 15 PIX 501) and this is more expensive than
individual VPN, or not?

2) I need AAA for controlling users access to the Internet. My network is
Microsoft Windows Network with 2 Domain Controller and I need to
Authenticate, filter URL and log the activity of the user that will use NAT
through the PIX. How can I do that? I know that exist RADIUS server
software, but the problems is if they do that, and what of this SERVER do
it?
In case of controlling remote access to the firewall I only need
authentication.


