Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
979
Views
0
Helpful
2
Replies

Centralized authentication through insecure net, ASA

alig.norbert
Level 4
Level 4

‎10-04-2011 08:06 AM

Hi all,

I'm looking for some ideas, products e.g. that can help me to achieve the following scenario:

- We have several customers with Cisco ASA

- We want to provide our IT-Engineer staff a remote vpn access to each customer site

- We need a centraliced AAA for the enginer vpn-authentication (TACAC+, RADIUS e.g.)

- The centralized authentication server should be on our site. So each ASA (customer site) has to do the authentication

   through the insecure internet to our AAA server

- Site-to-site is not an option (several customer sites have the same IP-range)

Any ideas?

Thanks a lot,

Norbert

Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎10-04-2011 12:19 PM

Norbert

I would look at using certificates for this. So each customer ASA uses your centralised certificate server for authentication.

You can use something like Microsoft CA server to act as the certificate server.

There are plenty of docs on Cisco site for using certificates both with the VPN client and the ASA.

Jon

0 Helpful

alig.norbert
Level 4
Level 4
In response to Jon Marshall

‎10-07-2011 02:03 PM

Thanks Jon

That would be an option. How about Kerberos, LDAPS?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents