Re: AAA behind PIX / ASA Question

From: Kal Han (calikali2006@gmail.com)
Date: Thu Nov 16 2006 - 01:30:23 ART

• Next message: Mister T: "Re: VTP issue with IEWB-RS version 4 sample lab"
• Previous message: Elliott Reyes: "RE: VTP issue with IEWB-RS version 4 sample lab"
• Maybe in reply to: christianus sandjaja: "AAA behind PIX / ASA Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

In terms of security, its always good to hide the real IP.
that way second solution is good. Guess.. for the exam also
...thats good.

In terms of configuring ACL for that server or using that aaa server by any
outside router, its easy to "remember" it IP, when you leave the
real ip ( using your first solution )

I will go with the second solution, tho it needs some extra
stuff to remember ( xlated ip -;) )

Kal

On 11/15/06, christianus sandjaja <netwrangers@yahoo.com> wrote:
>
> hi guys
>
> If there is an aaa server behind PIX /ASA and the question doesn`t
> state anything about static mapping address so do you think which is the
> best
> solution
>
> create :
>
> static (inside,outside) real_aaa_ip-address
> real_aaa_ip_address netmask x.x.x.x
>
> or
>
> static (inside,outside)
> nat_ip_address_for_aaa real_aaa_ip_address netmask x.x.x.x
>
> thanks.
>
> rgrd
> chris

• Next message: Mister T: "Re: VTP issue with IEWB-RS version 4 sample lab"
• Previous message: Elliott Reyes: "RE: VTP issue with IEWB-RS version 4 sample lab"
• Maybe in reply to: christianus sandjaja: "AAA behind PIX / ASA Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:47 ART