New Member

AAA control for inside network

I know that AAA can easily be set to control VPN connections from outside. How about controlling traffic from inside to outside?

3 REPLIES
New Member

Re: AAA control for inside network

Most firewalls support outbound authentication with AAA. We use the PIX and Cisco Secure ACS for outbound authentication. Works well. It might be a little trickier with controlling outbound VPN since the PIX doesn’t have any way to proxy the authentication for that, but you can use http, ftp or telnet to authenticate the user first, then open the VPN ports/protocols.

New Member

Re: AAA control for inside network

As your message mentioned, the PIX supports outbound authentication with AAA. Should it be done to all outbound traffic, including VPN outbound?

BTW, can the PIX support outbound authentication with Microsoft RADIUS? Must the user authenticate on screen instead of passing the workstation's login information when an outbound connection is about to be made?

New Member

Re: AAA control for inside network

If you want to authenticate outbound VPN on the PIX then you’ll have to authenticate everything outbound and use http, telnet or ftp to authenticate your outbound traffic. Once authenticated, all ports and protocols will open and the user can set up and use VPN. You can build AAA exception statements for specific hosts like mail servers and/or administrators. I’m not familiar with Microsoft’s RADIUS but I would guess it’s standard RADIUS, which is supported by the PIX. You might look at Cisco Secure ACS. It integrates with the Microsoft domain authentication database smoothly.
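
The setup described in the reply above, sketched as a PIX configuration fragment. This is an added example, not part of the original thread or any poster's configuration. It assumes PIX OS 6.x command syntax; the server tag `AuthOutbound`, the addresses, and the shared secret are constructed placeholders.

```text
! Added example. Assumes PIX OS 6.x syntax; all values are placeholders.

! RADIUS server group on the inside network (for example Cisco Secure ACS)
aaa-server AuthOutbound protocol radius
aaa-server AuthOutbound (inside) host 10.1.1.10 <shared-secret> timeout 10

! Require authentication for all traffic entering the inside interface.
! The user must first open an HTTP, FTP or Telnet session to be prompted;
! other protocols, VPN included, pass only after that succeeds.
aaa authentication include any inside 0 0 0 0 AuthOutbound

! Exceptions for hosts that cannot answer a prompt or should bypass it
! 10.1.1.25 = mail server (placeholder)
aaa authentication exclude any inside 10.1.1.25 255.255.255.255 0 0 AuthOutbound
! 10.1.1.50 = administrator workstation (placeholder)
aaa authentication exclude any inside 10.1.1.50 255.255.255.255 0 0 AuthOutbound

! Cached authentication lifetime: re-prompt after 30 minutes of inactivity,
! with no absolute limit
timeout uauth 0:30:00 inactivity
```

Keep the `exclude` entries as narrow host addresses, since every excluded source reaches the outside without being tied to a user, and check the inactivity timeout against how long a workstation may sit unattended.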
