Implementing AAA for inside interface users

Unanswered Question
Mar 28th, 2008
User Badges:
  • Gold, 750 points or more

Hi all,

I recently implemented Downloadable Access Lists for VPN users in our Cisco PIX & IAS (Internet Authentication Service). We have an AD domain, VPN users are authenticating against AD Integrated IAS and according to windows group membership, they get their ACLs that are defined in AV Pairs.Works great.

Now I want to implement AAA for our inside interface clients, achieve results similar to above. Want to restrict traffic flow by Active Directory Users or Active Directory Groups. To remind, not for VPN users!, want to implement for users located in inside interface accessing resources on outside or DMZ interface.

The question is, is IAS alone enough? Or should I install TACACS and disable IAS? Or should I implement CSACS?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
irisrios Thu, 04/03/2008 - 07:02
User Badges:
  • Silver, 250 points or more

By default connection from inside hosts are monitored when it goes out. But if you want it for specific protocol use Fixup command on the PIX.


This Discussion