
Cisco Secure ACS vs Windows IAS

serotonin888
Level 1

Hi All,

I need to deploy an AAA solution for the following situations.

1) Remote access via Cisco VPN Clients.

2) AAA for wireless Windows PCs in remote locations

3) AAA for Cisco switches and Routers in remote locations

4) Authentication against a Windows domain

The Windows IAS solution would be virtually free as we already have Windows 2003 domain controllers at each remote site. However, Cisco Secure ACS could also be an option. Does anyone have experience in both of these?

What are the positives/negatives of each, and the limitations?

Does anyone have any information on case studies, etc., comparing the two?

Your help is greatly appreciated.

Kind Regards,

Andy

PS: There is a limitation in Windows 2003 Standard edition that limits the number of Radius clients to 50. Although we have more than 50 potential clients in the company, no site has more than 50 in total.

Accepted Solutions

rochopra
Cisco Employee

With MS IAS you can implement the solution only using the RADIUS protocol.

ACS will provide you functionality to use RADIUS as well as TACACS.

Looking at the 4 solutions you want to implement, only the 3rd solution will be a bit easier using TACACS, but again that is not something which you cannot implement using RADIUS.

About the RADIUS client limitation, ACS provides you a big database which you can use for clients, so limitation of 50 clients. Plus a lot of features you will love to incorporate in your network, like NAP/NAC implementation made easier.

So you have to check: if you have the required budget you can go for ACS, else IAS can work well for all the solutions (except the RADIUS client limitation, for which I'm sure MS can provide you some workaround).

The following link can help you with sales information on ACS:

http://wwwin-nmbu.cisco.com/thevault/files/1027/5/ACS4.1-Sales-Guide%20April%204%202007.htm


3 Replies

JBDanford2002
Level 1

Here is a comparison of TACACS and RADIUS.

http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/secsols/aaasols/c262c1.htm

I have used both. The most convenient in the past for me was RADIUS. This was because users could authenticate via AD, new accounts would not have to be created, and an additional software purchase was not required. TACACS is more secure and allows finer control over Cisco device authorization and accounting. RADIUS is probably the easiest to set up and deploy if you have existing servers in place. If you have more than one server you could configure redundancy. Again, less cost for user authentication. For asset management I would use TACACS because of the authorization features not given by RADIUS.

Thanks to all for the replies. They were both very helpful. I have decided to run an evaluation into the suitability of using Windows IAS for authentication of VPN users.

Of course I'd love to implement ACS but I cannot justify the expense (at present).

Cheers

Andy
