Firewall Wizards mailing list archives

Radius access from provider to internal MS ISA Server


From: Christoph Steigmeier <chris () haven hypernet ch>
Date: Thu, 4 Jul 2002 17:14:57 +0200 (CEST)

Hello

Our network-engineers are planning a vpn. The access should be done through
a selected local internet provider. The authentication for the
ppp-connection to the provider should be authenticated using the chap
protocol which is then forwarded from the isp's dialin to our radius
server in our corporate network to validate uid/pw. After this the
vpn-connection can be initialized through our vpn-gateways.

My question: I am not sure if it is good to allow the provider's
radius-proxies to access our radius servers (MS ISA) in our internal net
without an additional radius proxy in our dmz. Our engineers argue that
these will be expensive and pointless, because only the ip from the
provider's radius would be granted, and that dos- and spoofing protection
on the firewalls is enough, and that an additional radius proxy will not
prohibit unauthorized use of the connection. I am also not so sure if it
is a good thing to administrate both rights in one directory eg.

Thank you

Sincerely

Chris
