Ascend Archive

(ASCEND) Re: RFC VPN and Access Solution Comprehension plus



Where RADIUS lives could be different in any network. Some will have it
outside, some inside, some in a DMZ. There are many different methods.
Start from the beginning and decide what your service specifications are.
Then you can drop in the right technology design.

Authentication technology is virtually (no pun) unlimited today. You can
make it offer nearly any service you want.


At 05:26 PM 5/30/98 -0600, dreamwvr wrote:
> Hi Everyone,
>
> I apologize if this is wordy but am trying to comprehend what I am
> getting myself into ;') Here is the scenario: I am setting up a
> full-time T1 from a head office over the big I to a series of branch
> offices running yet-to-be-determined access to the Internet. At the
> head office there will be a router, either a Cisco or a plain old
> Linux solution router, statically routing to the next router up the
> web chain. Behind this router is a firewall with a DMZ running a
> secure server. Behind this again is a second router that is the last
> point out on the LAN. I am planning to VPN using say the VPN 1010
> series box on each of the branches including the HQ. Running IPSEC if
> possible, the VPN boxes will be the last routers inward if possible.
> Is this possible without causing any problems? Anyways, here is where
> I get completely lost on the solution :'( I plan to tunnel thru the
> Internet from branch to branch using say Ascend to authenticate.
> Where should the auth servers live: at the DMZ, or connected somehow
> to the T1 at the tip of the Internet? I think what happens here is
> that people dial in via ISP and point their PC to a branch static IP
> where they are authenticated and allowed or denied. Is this right?
> In the meantime, if they are denied then they can't enter the tunnel,
> right? Are there any diagrams explaining where the RADIUS is to live
> and how it is installed, hopefully step by step? Also, since ACE
> servers are planned for roving users, is this the way to go? Where
> does the Ascend come into play and does it provide what I think it
> does? The head office will go something like this. Is this right, and
> where does the Ascend server live and what protects it?
>
>                       DMZ
>                        |
> internet-> router-> bastion-> router internal ->lan - ascend? -ace srv
>
> Thanking you all in advance :')
>
> Regards,
> dreamwvr@dreamwvr.com
>_______________________________________________________________________
>
>DREAMWVR.COM - TOTAL WEB INTEGRATION, DEVELOPMENT, DESIGN SERVICES. 
>Featuring Website Development and Web Strategies of a TOP Developer 
><http://www.dreamwvr.com/dreambiz.htm> <mailto:dreamwvr@dreamwvr.com>
>"As Unique as the Company You Keep."        "===0 PGP Key Available 
>________________________________________________________________________
Matt Holdrege		http://www.ascend.com	matt@ascend.com
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

