[c-nsp] Lightweight Radius Server for small installation and Windows

Brian Raaen braaen at zcorum.com
Wed May 6 07:45:58 EDT 2009 

I concur with Patrick, if you already have a Windows domain/AD server
install the IAS service and configure it to set up your VPN.  I set up a
Pix 306E to authenticate off a companies AD on one of the jobs I did. 
As I recall the only pain was finding out that I needed to install IAS
services which is included with the default license.

-- 
-----------------
Brian Raaen
Network Engineer
email: /braaen at zcorum.com/ <mailto:braaen at zcorum.com>


Patrick J Greene wrote:
> The Windows server platform includes Internet Authentication Services (IAS) which provides RADIUS authentication against either AD or the local user database on the Windows server itself.  Just install the service.
>
> Patrick
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Marc Haber
> Sent: Wednesday, May 06, 2009 5:58 AM
> To: cisco-nsp
> Subject: [c-nsp] Lightweight Radius Server for small installation and Windows
>
> Hi,
>
> a small company is planning to deploy client VPN using the Cisco VPN
> client and an 1841 in their office. They have 50 employees, about 15
> of them mobile, a couple of Windows 2003 servers (no virtualization
> yet) and are mostly an all-windows shop. They neither want their users
> to authenticate to the VPN via their Windows password (which, to my
> knowledge, rules out authenticating against the AD), nor do they want
> to use the cisco command line to generate the user accounts on the
> 1841 itself.
>
> Is there a lightweight, resource-easy Radius server for Windows which
> can be installed on one of the existing servers which has a clickable
> frontend for account management? It doesn't need to be end-user safe,
> the admins are going to manage the account, but they cringe at the
> thought of doing the "conf t; foo; copy running-config startup-config"
> dance.
>
> Just in case, in which price range do the "cheapest"
> one-time-password-token authentication schemes start for this user
> count?
>
> Any hints will be appreciated.
>
> Greetings
> Marc
>
>

More information about the cisco-nsp mailing list