Remote Access Policy - Cisco Servers User Manual

Chapter 2 Deploying Cisco Secure ACS

Remote Access Policy

78-13751-01, Version 3.0
Figure 2-8 Enterprise VPN Solution
Tunnel
Home office
ISP
ISP
Tunnel
Mobile
worker
For more information about implementing VPN solutions, see the reference guide
A Primer for Implementing a Cisco Virtual Private Network.
Remote access is a broad concept. In general, it defines how the user can connect
to the LAN, or from the LAN to outside resources (that is, the Internet). There are
several ways this may occur. The methods include dial-in, ISDN, wireless
bridges, and secure internet connections. Each method incurs its own advantages
and disadvantages, and provides a unique challenge to providing AAA services.
This closely ties remote access policy to the enterprise network topology. In
addition to the method of access, other decisions can also affect how
Cisco Secure ACS is deployed; these include: specific network routing (access
lists), time-of-day access, individual restrictions on AAA client access, access
control lists (ACLs), and so on.
Remote access policies can be implemented for employees who telecommute or
for mobile users who dial in over ISDN or public switched telephone network
(PSTN). Such policies are enforced at the corporate campus with
Cisco Secure ACS and the AAA client. Inside the enterprise network, remote
access policies can control wireless access by individual employees.
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
Basic Deployment Factors for Cisco Secure ACS
VPN concentrator
Internet
Cisco Secure
Access Control
Server
2-13