I need to deploy an AAA solution for the following situations.
1) Remote access via Cisco VPN Clients.
2) AAA for wireless Windows PCs in remote locations
3) AAA for Cisco switches and routers in remote locations
4) Authentication against a Windows domain
The Windows IAS solution would be virtually free as we already have Windows 2003 domain controllers at each remote site. However, Cisco Secure ACS could also be an option. Does anyone have experience in both of these?
What are the positives/negatives of each, and the limitations?
Does anyone have any information on case studies etc. comparing the two?
Your help is greatly appreciated.
PS: There is a limitation in Windows 2003 Standard edition that limits the number of RADIUS clients to 50. Although we have more than 50 potential clients in the company, no site has more than 50 in total.
With MS IAS you can implement the solution only using the RADIUS protocol.
ACS will provide you the functionality to use RADIUS as well as TACACS.
Looking at the 4 solutions you want to implement, only the 3rd solution will be a bit easier using TACACS, but again that is not something which you cannot implement using RADIUS.
About the RADIUS client limitation, ACS provides you a big database which you can use for clients, so limitation of 50 clients. Plus a lot of features you will love to incorporate in your network, like NAP/NAC implementation made easier.
So you have to check: if you have the required budget you can go for ACS, else IAS can work well for all the solutions (except the RADIUS client limitation, for which I'm sure MS can provide you some workaround).
The following link can help you with sales information on ACS: