Locking down IAS and Routers

Discussion in 'Cisco' started by Timo, Feb 25, 2005.

  1. Timo

    Timo Guest


    I've got a large W2K3 IAS setup authenticating all kinds of logins.
    Currently IAS authenticates users logging into Cisco Routers and
    Switches via telnet or SSH to admin the box, it's authenticated VPN
    connecting to a Cisco 1760 for access to the Inside Network, it's also
    authenticating my PEAP 802.11 clients. This is all working real
    nicely... :)

    All right, now I wanna lock things down. I know all my Cisco gear is
    sending the Attribute 5 NAS-Port to the RADIUS server, however MS IAS
    doesn't support this Access-Request Attribute, DOH! I wanted to use it
    because any VPN users are coming on NAS-Port 500 and users trying to
    login via telnet or ssh are coming in on NAS-Port 68 or a few higher.
    Should have been easy, right...

    Anyone know of any other ways my IAS box can differentiate between
    users logging into my VPN via the network for VPN access from users
    logging in for an EXEC?



    Thanks a lot

    Timo, Feb 25, 2005

  2. Timo

    Timo Guest

    Timo, Feb 28, 2005
