Microsoft IAS and VPN 3000/Client Authentication [7:66703]

2003-04-02 Thread kwindancer
Hello All: I'm looking into using Microsoft IAS and Windows NT4 PDC to
authenticate VPN client users who are accessing a VPN 3000 concentrator. I
want home VPN client users to utilize the NT4 PDC for their login
authentication. The VPN 3000 concentrator is located on the outside
interface of the PIX while the NT 4 PDC is located on the inside. My
questions are: a) Should I combine the PDC and IAS into one server? My
preference is to use separate servers, and would this scenario work? b)
What ports should I open to allow Radius and NT authentication from the
outside to the inside? Thanks. Ken

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66703t=66703
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


RE: Microsoft IAS and VPN 3000/Client Authentication [7:66703]

2003-04-02 Thread Mark W. Odette II
Though I haven't done it myself, you should be able to keep the IAS box
(Windows 2000 Member Server) and the NT4PDC Box separate.

Your authentication AND access can be defined by the IAS box.

You would only need to allow RADIUS Ports...

1645 RADIUS Authentication 
1646 RADIUS Accounting

OR

1812 RADIUS server 
1813 RADIUS accounting

..on the PIX between the concentrator and the IAS box.

It would be more advisable to put the VPN Concentrator on the DMZ port
of the PIX if you have it; this is left to interpretation and opinion.

NOTE: I have no experience with the Concentrators, so, your mileage may
vary.

-Mark

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66710t=66703
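
The port advice in the reply above, written out as a firewall rule set. This is an added example, not part of the original thread or any poster's configuration. It assumes PIX 6.x-style syntax and the layout from the question (concentrator outside, IAS inside); the ACL name `outside_in` and every address are constructed placeholders.

```cisco
: Added example; all names and addresses are constructed.
: 192.0.2.5  = VPN 3000 concentrator (outside interface side)
: 10.1.1.20  = IAS server (inside)
: 192.0.2.20 = outside address that the static maps to the IAS server
static (inside,outside) 192.0.2.20 10.1.1.20 netmask 255.255.255.255

: RADIUS runs over UDP. Permit it only from the concentrator to the IAS
: server, never as "permit udp any any eq 1812".
access-list outside_in permit udp host 192.0.2.5 host 192.0.2.20 eq 1812
access-list outside_in permit udp host 192.0.2.5 host 192.0.2.20 eq 1813
: Use 1645/1646 in place of 1812/1813 if both ends use the older port pair.

access-group outside_in in interface outside
```

Whichever port pair is chosen has to match on the concentrator and on the IAS server, and the IAS server must list the concentrator's address as a RADIUS client with the same shared secret.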