
Concentrator 3000, RADIUS and a Pix Firewall.

admin_2
Level 3

What is the most secure way to configure a Concentrator 3000 with RADIUS authentication and a Pix firewall for VPN access? Currently, the Concentrator "public" port is connected to a switch that resides outside the firewall and the "private" port connects to a separate switch that the RADIUS server is connected to, which is inside the firewall.


scoclayton
Level 7

This setup certainly does work as you have seen. My preference would probably be to have the public interface on the concentrator connected to a DMZ interface on the PIX. This way, you can control the traffic that gets to the public interface on the concentrator to only ESP, UDP-500, PPTP, etc...

The concentrator has filters that can perform this function but any processing that you can remove from the concentrator and off-load to the PIX should streamline the concentrator to do what it does best - encrypt and decrypt.

Dropping off the public interface is probably fine as well unless you have a need to filter the traffic from your VPN clients. If this is the case, then bringing the private interface into a 4th interface on the PIX is not unreasonable.

Hope this helps.

Scott
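
The DMZ filtering suggested in the reply above, sketched as PIX 6.x-style configuration. This is an added example, not part of the original thread or of any Cisco documentation; the interface names (`outside`, `dmz`), the ACL name `outside_in` and the address 192.0.2.10 (documentation range) are assumptions, and only the protocols the reply names are listed, with GRE included because PPTP needs it alongside TCP 1723.

```text
access-list outside_in remark Constructed example: 192.0.2.10 is a placeholder for the concentrator public interface
static (dmz,outside) 192.0.2.10 192.0.2.10 netmask 255.255.255.255
access-list outside_in remark IPsec: ESP (IP protocol 50) and IKE (UDP 500)
access-list outside_in permit esp any host 192.0.2.10
access-list outside_in permit udp any host 192.0.2.10 eq 500
access-list outside_in remark PPTP: control channel (TCP 1723) and GRE (IP protocol 47)
access-list outside_in permit tcp any host 192.0.2.10 eq 1723
access-list outside_in permit gre any host 192.0.2.10
access-list outside_in remark Everything else to the concentrator falls to the implicit deny
access-group outside_in in interface outside
```

If only IPsec clients are used, the two PPTP entries can be left out so the concentrator's public interface sees nothing but ESP and IKE.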
