Firewall Wizards mailing list archives

RE: How AAA in PIX Firewall ?


From: "Wes Noonan" <mailinglists () wjnconsulting com>
Date: Wed, 3 Dec 2003 14:55:25 -0600

1) The PIX 506 should work fine, as long as you don't need more than 2
interfaces, failover or more than 25 VPN peers. You mention that you need
75, but you might be better served using site-to-site VPN connections
instead of individual VPNs for each user. If you really need 75 VPN peers
though, then you have to go with a 515 or larger.
2) Are you wanting AAA for controlling access to the firewall or controlling
user access to the internet? If the prior, you can use local usernames or
RADIUS for authentication. If the latter, you can still use RADIUS for
authentication though I believe that you largely give up the ability to do
authorization or accounting without TACACS+.

HTH

Wes Noonan
Mailinglists () wjnconsulting com
http://www.wjnconsulting.com 


-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Adel Guia Cruz
Sent: Wednesday, December 03, 2003 13:45
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] How AAA in PIX Firewall ?

I need to implement a Firewall, VPN and IDS solution in my Central Office
network. The network structure is one Central Office with 150 nodes (50
nodes need Internet access) and 15 Remote Small Offices with 5 nodes per
Remote Office.

The Central Office has only one Internet connection, HDSL 256Kbps, and the
remote offices are connected to the Central Office through the Internet.

I think that Cisco PIX Firewall is a good choice but I need some advice:

1-     How to implement AAA (Authentication, Authorization, Accounting) in
PIX firewall. I know that Cisco has the "Cisco Secure Access Control Server"
for AAA but it is very expensive. Is it possible to implement AAA without
"Cisco Secure ACS" in PIX firewall, and if it is possible, what will be the
limitations?
2-     Is PIX 506 sufficient for me, or do I need the next PIX 515-UR? I need
at least 75 concurrent VPN connections.

Thanks
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
