10-04-2011 08:06 AM
Hi all,
I'm looking for some ideas, products e.g. that can help me to achieve the following scenario:
- We have several customers with Cisco ASA
- We want to provide our IT-Engineer staff a remote vpn access to each customer site
- We need a centraliced AAA for the enginer vpn-authentication (TACAC+, RADIUS e.g.)
- The centralized authentication server should be on our site. So each ASA (customer site) has to do the authentication
through the insecure internet to our AAA server
- Site-to-site is not an option (several customer sites have the same IP-range)
Any ideas?
Thanks a lot,
Norbert
10-04-2011 12:19 PM
Norbert
I would look at using certificates for this. So each customer ASA uses your centralised certificate server for authentication.
You can use something like Microsoft CA server to act as the certificate server.
There are plenty of docs on Cisco site for using certificates both with the VPN client and the ASA.
Jon
10-07-2011 02:03 PM
Thanks Jon
That would be an option. How about Kerberos, LDAPS?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: