k0tu, if you are using Cisco routers, the functionality is built in. It's called Lock-and-Key access. Basically, the user telnets to the router and, based on username and password, the router adds an entry to a dynamic ACL that allows the IP address the user is telnetting from to pass traffic to hosts you specify on the inside. It doesn't matter to the router if the user's IP address changes between sessions, since the ACL is rebuilt automatically each time. You can authenticate via local usernames and passwords on the client, or for more than a few users you can have the accounts on a TACACS or RADIUS server. Check the link for more information and how to configure:
http://www.cisco.com/warp/public/69/13.html

Ben Setnick

-----Original Message-----
From: k0tu (AISec) [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 31, 2001 7:31 PM
To: [EMAIL PROTECTED]
Subject: authenticating through a router

Probably a pretty basic question... I just want to gather others' suggestions for the best way to authenticate users between 2 sites connected by a dedicated T1.

All internal private addressing is being used... each site has their own internet access. DHCP is being used on both internal networks. So if ACLs are used to allow certain IPs through, we'll probably run into "lease" issues. (Static "trusted" machines is an option, I guess.)

Besides having the usual ACLs on the router(s)... after they hit the router, how could I authenticate users at the gateway, and continue on into the remote network?

Both networks are Windows 2000. (Trusting both domains could also be an option, I guess ;) But that would be 2 domains. Can users from one domain use the same credentials on the "dedicated" domain, if they were added as users with the same passwords that exist on the already existing domain?

To make a difficult long scenario short.... Is there any software I could put on a hardened Linux box that could do user authentication?

Any suggestions would be appreciated... thnx.

k0tu
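The Lock-and-Key setup described in the reply above, sketched as an IOS configuration. This is an added example, not part of the original thread or taken from the linked Cisco document; the addresses, interface name, user name, ACL number and timeouts are all constructed assumptions, and it assumes this router carries only inter-site traffic.

```cisco
! Added example with constructed values (assumptions):
!   Site A LAN 10.1.0.0/16 on FastEthernet0/0, router address 10.1.0.1
!   Site B hosts to be reached over the T1: 10.2.10.0/24
!
! Local account. The password is a placeholder; for more than a few
! users, keep the accounts on a TACACS+ or RADIUS server instead.
username alice secret CHANGE-ME-PLACEHOLDER
!
! After login the router runs access-enable and closes the session.
! "host" restricts the temporary entry to the source IP that just
! authenticated; without it the entry opens for the whole source range
! in the dynamic template. "timeout 5" is an idle timeout in minutes.
username alice autocommand access-enable host timeout 5
!
! Users must always be able to telnet to the router to authenticate.
access-list 110 permit tcp 10.1.0.0 0.0.255.255 host 10.1.0.1 eq telnet
!
! Dynamic template. Nothing matches it until a user authenticates; then
! a temporary entry is created with that user's current address as the
! source, so DHCP lease changes between sessions do not matter.
! "timeout 60" is an absolute lifetime in minutes for each entry.
access-list 110 dynamic SITEB-USERS timeout 60 permit ip 10.1.0.0 0.0.255.255 10.2.10.0 0.0.0.255
!
! Unauthenticated traffic toward site B is denied and logged.
access-list 110 deny ip any 10.2.0.0 0.0.255.255 log
!
interface FastEthernet0/0
 ip address 10.1.0.1 255.255.0.0
 ip access-group 110 in
!
line vty 0 4
 login local
```

`show access-lists 110` lists the temporary entries that are currently open under the dynamic template, which is the quickest check that an entry was created for the authenticating host only.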
