Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Centralized authentication through insecure net, ASA

Hi all,

I'm looking for some ideas, products e.g. that can help me to achieve the following scenario:

- We have several customers with Cisco ASA

- We want to provide our IT-Engineer staff a remote vpn access to each customer site

- We need a centraliced AAA for the enginer vpn-authentication (TACAC+, RADIUS e.g.)

- The centralized authentication server should be on our site. So each ASA (customer site) has to do the authentication

   through the insecure internet to our AAA server

- Site-to-site is not an option (several customer sites have the same IP-range)

Any ideas?

Thanks a lot,

Norbert

2 REPLIES
Hall of Fame Super Blue

Centralized authentication through insecure net, ASA

Norbert

I would look at using certificates for this. So each customer ASA uses your centralised certificate server for authentication.

You can use something like Microsoft CA server to act as the certificate server.

There are plenty of docs on Cisco site for using certificates both with the VPN client and the ASA.

Jon

New Member

Centralized authentication through insecure net, ASA

Thanks Jon

That would be an option. How about Kerberos, LDAPS?

726
Views
0
Helpful
2
Replies