White Paper: RADIUS Security Technology (page 3)

ISP Remote Access with RADIUS

The ISP remote access environment using RADIUS has four main components: Remote Users, Remote Access Servers (RAS), Proxy RADIUS Servers, and the Enterprise RADIUS server. Each user is a client of a RAS; each RAS is both server to the user and client of the RADIUS server. Each of the four components of the ISP remote access environment participates in the AAA (authentication, authorization and accounting) transaction process.

Figure 1: RADIUS Security for Virtual Private Networks. RADIUS provides a gateway between users, ISP "Proxy RADIUS" access, and Enterprise LAN authentication. [Diagram not reproduced; its labels show Remote Users (telecommuter, mobile user, Internet users) dialing into a modem bank and RAS on the ISP private network, which runs a Proxy RADIUS Server for UNIX and a native RADIUS Server for NT; a T1 link to the ISP through a CPE router and/or firewall onto the Enterprise LAN (the ISP subscriber), which has its own RAS and a RADIUS Server for NetWare backed by NDS, Bindery, native workgroups and NT domains.]

Remote Users

The remote user (Figure 1) is the person trying to gain access to the Enterprise network from home or a remote location. Typically, the remote user has a Serial Line Internet Protocol (SLIP) or Point-to-Point Protocol (PPP) dialer, such as the MS Windows 95 dial-up networking client, that lets the user dial into a Remote Access Server (RAS) at the ISP and run the Internet Protocol (IP) over that link. The user can obtain access to the Enterprise network either through a virtual private network connection or directly, dialing into the Enterprise network without going through an ISP.

Internet Service Provider

The Remote Access Server (Figure 1) resides at the ISP and supports SLIP or PPP dial-in calls, authenticates each user via the RADIUS (or Proxy RADIUS) Server, and then routes that user onto the Enterprise network. Most RAS devices can handle multiple dial-in users at once, and the corporate network might include a single RAS or multiple remote access servers working in tandem.

The "Proxy RADIUS" server resides at the ISP and forwards requests from the RAS located at the ISP to a RADIUS server located at the Enterprise. This is like call forwarding: an ISP can direct all authentication and accounting transactions to an Enterprise LAN's RADIUS server. The user name is parsed, usually by domain (realm) such as jdoe@company.com, to obtain the organization name. The organization's name determines the IP address of the target RADIUS server.

Enterprise (ISP Subscriber)

The Enterprise RADIUS Server (Figure 1) accepts authentication requests from the ISP's Proxy RADIUS server, performs the authentication, and responds with the result: either an accept or a reject.

In a typical Enterprise installation, a single RADIUS server handles all remote access. Companies with Remote Access Servers at multiple sites could elect to have a separate RADIUS Server at each site. However, if the various sites were linked over a WAN of reasonable speed or over the Internet, a single RADIUS server could handle multiple Remote Access Servers at multiple sites.
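To make the call-forwarding picture in the Proxy RADIUS and Enterprise sections concrete, here is an added example in Python (not code from this white paper or from any vendor's RADIUS product) that walks one dial-in user's Access-Request from the RAS through the ISP's Proxy RADIUS server to the Enterprise RADIUS server and back. The shared secrets, the realm table, the user database and the home server name radius.company.com are constructed for illustration, and an in-process function call stands in for the UDP hop to the Enterprise; the packet layout, User-Password hiding and Response Authenticator follow RFC 2865. Beyond what the text states, it shows the two checks a practitioner wants at the proxy: strict realm parsing (a name without a known realm is rejected, never routed to a default server) and verification of the home server's Response Authenticator before any verdict is relayed to the RAS, which in turn verifies the proxy's reply the same way.

```python
import hashlib
import hmac
import os
import struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, PROXY_STATE = 1, 2, 33
# Constructed secrets (one per hop, never shared across hops), realm table and user database.
RAS_PROXY_SECRET = b"ras-to-isp-proxy-secret"
PROXY_HOME_SECRET = b"isp-proxy-to-company-secret"
REALM_TABLE = {"company.com": ("radius.company.com", PROXY_HOME_SECRET)}  # hypothetical home server
HOME_USERS = {"jdoe@company.com": b"correct horse"}  # lives at the Enterprise RADIUS server
def encode_attrs(attrs):
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)

def decode_attrs(data):
    attrs = []
    while data:
        t, length = struct.unpack("!BB", data[:2])
        if not 2 <= length <= len(data): raise ValueError("malformed attribute")
        attrs.append((t, data[2:length]))
        data = data[length:]
    return attrs

def build_packet(code, ident, authenticator, attrs):
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_packet(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length != len(pkt): raise ValueError("bad packet length")
    return code, ident, pkt[4:20], decode_attrs(pkt[20:])

def pap_xor(data, secret, request_auth, hide):
    """RFC 2865 User-Password hiding: 16-byte chunks XORed with MD5(secret + previous cipher block)."""
    data += b"\x00" * (-len(data) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        res = bytes(x ^ y for x, y in zip(chunk, hashlib.md5(secret + prev).digest()))
        out, prev = out + res, (res if hide else chunk)
    return out if hide else out.rstrip(b"\x00")

def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865 Response Authenticator: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    body = encode_attrs(attrs)
    return hashlib.md5(struct.pack("!BBH", code, ident, 20 + len(body)) + request_auth + body + secret).digest()

def build_response(code, ident, request_auth, attrs, secret):
    return build_packet(code, ident, response_authenticator(code, ident, request_auth, attrs, secret), attrs)

def ras_access_request(username, password, ident=7):
    # RAS at the ISP: one Access-Request per dial-in user, password hidden under the RAS<->proxy secret.
    req_auth = os.urandom(16)
    attrs = [(USER_NAME, username.encode()),
             (USER_PASSWORD, pap_xor(password.encode(), RAS_PROXY_SECRET, req_auth, hide=True))]
    return build_packet(ACCESS_REQUEST, ident, req_auth, attrs), req_auth

def home_server_handle(pkt, secret):
    """Enterprise RADIUS server: check the credential, answer Accept or Reject, echo Proxy-State unchanged."""
    code, ident, req_auth, attrs = parse_packet(pkt)
    a, echo = dict(attrs), [(t, v) for t, v in attrs if t == PROXY_STATE]
    if code != ACCESS_REQUEST or USER_NAME not in a or USER_PASSWORD not in a:
        return build_response(ACCESS_REJECT, ident, req_auth, echo, secret)
    user, pw = a[USER_NAME].decode(errors="replace"), pap_xor(a[USER_PASSWORD], secret, req_auth, hide=False)
    ok = user in HOME_USERS and hmac.compare_digest(pw, HOME_USERS[user])
    return build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, req_auth, echo, secret)

def proxy_forward(pkt):
    """ISP Proxy RADIUS: route by realm, re-hide the password for the next hop, verify the home server's reply."""
    code, ident, req_auth, attrs = parse_packet(pkt)
    a, reject = dict(attrs), build_response(ACCESS_REJECT, ident, req_auth, [], RAS_PROXY_SECRET)
    # Strict realm parsing: no "@", an unknown realm or a missing password is rejected, never sent to a default.
    _, sep, realm = a.get(USER_NAME, b"").decode(errors="replace").rpartition("@")
    if code != ACCESS_REQUEST or not sep or realm not in REALM_TABLE or USER_PASSWORD not in a:
        return reject
    home, home_secret = REALM_TABLE[realm]
    # The proxy recovers the PAP password in clear to re-hide it: it is a trusted party, not a blind relay.
    password = pap_xor(a[USER_PASSWORD], RAS_PROXY_SECRET, req_auth, hide=False)
    fwd_auth, state = os.urandom(16), os.urandom(8)
    fwd = build_packet(ACCESS_REQUEST, ident, fwd_auth, [(USER_NAME, a[USER_NAME]),
          (USER_PASSWORD, pap_xor(password, home_secret, fwd_auth, hide=True)), (PROXY_STATE, state)])
    rcode, rident, rauth, rattrs = parse_packet(home_server_handle(fwd, home_secret))  # stands in for UDP/1812 to home
    # Relay the verdict only if it carries our Proxy-State and a valid Response Authenticator under the home secret.
    expected = response_authenticator(rcode, rident, fwd_auth, rattrs, home_secret)
    if rident != ident or (PROXY_STATE, state) not in rattrs or not hmac.compare_digest(rauth, expected):
        return reject
    return build_response(rcode, ident, req_auth, [(t, v) for t, v in rattrs if t != PROXY_STATE], RAS_PROXY_SECRET)

def ras_verify(reply, req_auth, ident):
    code, rident, rauth, attrs = parse_packet(reply)
    if rident != ident or not hmac.compare_digest(
            rauth, response_authenticator(code, rident, req_auth, attrs, RAS_PROXY_SECRET)):
        return "INVALID"
    return {ACCESS_ACCEPT: "ACCEPT", ACCESS_REJECT: "REJECT"}.get(code, "INVALID")

def dial_in(username, password):
    pkt, req_auth = ras_access_request(username, password)
    return ras_verify(proxy_forward(pkt), req_auth, 7)
```

dial_in("jdoe@company.com", "correct horse") yields "ACCEPT", a wrong password or an unknown realm yields "REJECT", and a reply whose code or authenticator was altered in transit yields "INVALID" at the RAS. Two design points follow from the code: because PAP passwords are only hidden with a per-hop secret, the proxy necessarily sees them in clear, so the ISP's proxy is a fully trusted party in this architecture; and the Proxy-State attribute, which the home server must copy back unchanged, is what lets the proxy match a reply to the request it forwarded.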