Most firewalls support outbound authentication with AAA. We use the PIX and Cisco Secure ACS for outbound authentication. Works well. It might be a little trickier with controlling outbound VPN since the PIX doesn't have any way to proxy the authentication for that, but you can use HTTP, FTP or Telnet to authenticate the user first, then open the VPN ports/protocols.
If you want to authenticate outbound VPN on the PIX then you'll have to authenticate everything outbound and use HTTP, Telnet or FTP to authenticate your outbound traffic. Once authenticated, all ports and protocols will open and the user can set up and use VPN. You can build AAA exception statements for specific hosts like mail servers and/or administrators. I'm not familiar with Microsoft's RADIUS but I would guess it's standard RADIUS, which is supported by the PIX. You might look at Cisco Secure ACS. It integrates with the Microsoft domain authentication database smoothly.