Locking down IAS and NAS
From: Timo (timo_at_theglens.net)
Date: 02/25/05
- Next message: David: "Re: Mobile 2003 Radius authentication requirements"
- Previous message: Mark Gamache: "Re: Mobile 2003 Radius authentication requirements"
- Next in thread: Thomas K: "Re: Locking down IAS and NAS"
- Reply: Thomas K: "Re: Locking down IAS and NAS"
- Messages sorted by: [ date ] [ thread ]
Date: 24 Feb 2005 18:03:15 -0800
Hey
Ive got large W2K3 IAS setup authenticating all kinds of logins.
Currently IAS autheticates users logging into Cisco Routers and
Swithces via telnet or SSH to admin the box, it authenticated VPN users
connecting to a Cisco router for access to the Inside Network, its also
authenticating my PEAP 802.11 clients. This is all working real
nicely... :)
All right , now I wanna lock things down. I know all my Cisco gear is
sending the Attribute 5 NAS-Port to the RADIUS server , however it
doesnt look like IAS has the ability to look for that Att.?. I wanna
use it because any VPN users are coming on NAS-Port 500 and users
trying to login via telnet or ssh are coming in on NAS-Port 68 or a few
higher.
Am I missing something or doesnt IAS support this?
Thanks a lot
Timo
- Next message: David: "Re: Mobile 2003 Radius authentication requirements"
- Previous message: Mark Gamache: "Re: Mobile 2003 Radius authentication requirements"
- Next in thread: Thomas K: "Re: Locking down IAS and NAS"
- Reply: Thomas K: "Re: Locking down IAS and NAS"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
