Firewall Wizards mailing list archives
RE: How AAA in PIX Firewall ?
From: Adel Guia Cruz <aguia () fifomi gob mx>
Date: Thu, 4 Dec 2003 14:32:31 -0600
Hello Wes,

I checked Websense and N2H2 and this is exactly what I need to filter HTTP in the PIX Firewall. The PIX and the software use the IFP protocol (Internet Filter Protocol) to communicate. The problem is that this software is very expensive; do you know another, less expensive solution?

So I need to buy a PIX Firewall and content filtering software (that supports IFP to communicate with the PIX), and for authentication I can use Microsoft IAS?

Thanks for the advice

-----Original Message-----
From: Wes Noonan [mailto:mailinglists () wjnconsulting com]
Sent: Wednesday, December 03, 2003 20:04
To: 'Adel Guia Cruz'; firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] How AAA in PIX Firewall ?

1) Not necessarily. You could go netopia or something similar for the remote sites. If not, the cost of 15 PIX 501's would be somewhere in the $6000-7000 range which is about $3000 more give or take what a 515E-UR would cost.

2) I would recommend setting up a content filtering server as that sounds more in line with what you really need. PIX supports Websense and N2H2 for content filtering.

Don't sweat the English. It's better than my Spanish. :-)

HTH

Wes Noonan
mailinglists () wjnconsulting com
http://www.wjnconsulting.com

-----Original Message-----
From: Adel Guia Cruz [mailto:aguia () fifomi gob mx]
Sent: Wednesday, December 03, 2003 17:51
To: mailinglists () wjnconsulting com; 'Adel Guia Cruz'; firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] How AAA in PIX Firewall ?

1) The problem with using site-to-site VPN is that I need to buy 1 PIX Firewall per remote office (total of 15 PIX 501) and this is more expensive than individual VPNs, or not?

2) I need AAA for controlling users' access to the Internet. My network is a Microsoft Windows network with 2 Domain Controllers and I need to authenticate, filter URLs and log the activity of the users that will use NAT through the PIX. How can I do that? I know that RADIUS server software exists, but the problem is whether it does that, and which of these servers does it?

In the case of controlling remote access to the firewall I only need authentication.

Thanks, and I'm sorry because my English is not good; my native language is Spanish.

ADEL

-----Original Message-----
From: Wes Noonan [mailto:mailinglists () wjnconsulting com]
Sent: Wednesday, December 03, 2003 14:55
To: 'Adel Guia Cruz'; firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] How AAA in PIX Firewall ?

1) The PIX 506 should work fine, as long as you don't need more than 2 interfaces, failover or more than 25 VPN peers. You mention that you need 75, but you might be better served using site-to-site VPN connections instead of individual VPNs for each user. If you really need 75 VPN peers though, then you have to go with a 515 or larger.

2) Are you wanting AAA for controlling access to the firewall or controlling user access to the internet? If the prior, you can use local usernames or RADIUS for authentication. If the latter, you can still use RADIUS for authentication, though I believe that you largely give up the ability to do authorization or accounting without TACACS+.

HTH

Wes Noonan
Mailinglists () wjnconsulting com
http://www.wjnconsulting.com

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Adel Guia Cruz
Sent: Wednesday, December 03, 2003 13:45
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] How AAA in PIX Firewall ?

I need to implement a Firewall, VPN and IDS solution in my Central Office network.

The network structure is one Central Office with 150 nodes (50 nodes need Internet access) and 15 Remote Small Offices with 5 nodes per Remote Office. The Central Office has only one Internet connection, HDSL 256Kbps, and the remote offices are connected to the Central Office through the Internet.

I think that the Cisco PIX Firewall is a good choice but I need some advice:

1- How to implement AAA (Authentication, Authorization, Accounting) in the PIX firewall. I know that Cisco has the "Cisco Secure Access Control Server" for AAA but it is very expensive. Is it possible to implement AAA without "Cisco Secure ACS" in the PIX firewall, and if it is possible, what will be the limitations?

2- Is the PIX 506 sufficient for me, or do I need the next PIX 515-UR? I need at least 75 concurrent VPN connections.

Thanks

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- How AAA in PIX Firewall ? Adel Guia Cruz (Dec 03)
- RE: How AAA in PIX Firewall ? Wes Noonan (Dec 03)
- <Possible follow-ups>
- RE: How AAA in PIX Firewall ? Melson, Paul (Dec 03)
- RE: How AAA in PIX Firewall ? Adel Guia Cruz (Dec 06)
- RE: How AAA in PIX Firewall ? Wes Noonan (Dec 06)
- RE: How AAA in PIX Firewall ? Ray Burkholder (Dec 11)
- RE: How AAA in PIX Firewall ? Wes Noonan (Dec 06)
- RE: How AAA in PIX Firewall ? Adel Guia Cruz (Dec 06)
- RE: How AAA in PIX Firewall ? Wes Noonan (Dec 06)