Though I haven't done it myself, you should be able to keep the IAS box (Windows 2000 Member Server) and the NT4 PDC box separate.
Your authentication AND access can be defined by the IAS box. You would only need to allow RADIUS ports...

1645 RADIUS Authentication
1646 RADIUS Accounting

OR

1812 RADIUS server
1813 RADIUS accounting

...on the PIX between the concentrator and the IAS box.

It would be more advisable to put the VPN Concentrator on the DMZ port of the PIX if you have it; this is left to interpretation and opinion.

NOTE: I have no experience with the Concentrators, so your mileage may vary.

-Mark

-----Original Message-----
From: kwindancer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2003 11:27 AM
To: [EMAIL PROTECTED]
Subject: Microsoft IAS and VPN 3000/Client Authentication [7:66703]

Hello All:

I'm looking into using Microsoft IAS and Windows NT4 PDC to authenticate VPN client users who are accessing a VPN 3000 concentrator. I want home VPN client users to utilize the NT4 PDC for their login authentication. The VPN 3000 concentrator is located on the outside interface of the PIX while the NT 4 PDC is located on the inside.

My questions are:

a) Should I combine the PDC and IAS into one server? My preference is to use separate servers, and would this scenario work?

b) What ports should I open to allow Radius and NT authentication from the outside to the inside?

Thanks.

Ken

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66710&t=66703
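
The RADIUS-only opening described in the reply, sketched as a PIX 6.x configuration fragment. This is an added example, not part of the original thread or taken from either poster's configuration. It assumes the IAS server sits on the inside interface and the concentrator on the outside, as in the question; all addresses are documentation placeholders and the ACL name `acl_outside` is hypothetical.

```text
: Constructed example. Placeholder addresses:
:   192.0.2.10  = VPN 3000 concentrator (outside)
:   192.0.2.20  = address the IAS server is published as on the outside
:   10.1.1.20   = real IAS server address (inside)

: Publish the IAS server to the outside with a one-to-one static translation.
static (inside,outside) 192.0.2.20 10.1.1.20 netmask 255.255.255.255 0 0

: Too broad: any outside host can reach every UDP service on the IAS box.
:   access-list acl_outside permit udp any host 192.0.2.20

: Scoped: only the concentrator, only UDP, only the RADIUS port pair
: that the concentrator and IAS are both configured to use.
access-list acl_outside permit udp host 192.0.2.10 host 192.0.2.20 eq 1812
access-list acl_outside permit udp host 192.0.2.10 host 192.0.2.20 eq 1813

: If the concentrator uses the older pair instead, replace the two
: lines above with the same rules for 1645 and 1646. Do not open both pairs.

: Bind the ACL to traffic arriving on the outside interface.
access-group acl_outside in interface outside
```

With this layout no NT authentication ports are opened from the outside: the concentrator speaks only RADIUS to the IAS box, as the reply describes.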