I am relatively new to VPNs, so please excuse me if my question is a little bit off.

In my test scenario I have a small company network with a client-to-site VPN. This network contains a DC, file server, SharePoint and so on. Users of the VPN connection should only authenticate with their AD accounts. The VPN server is the last thing that has to be implemented, but I do not know which solution I should use. I did some research and came across two solutions:

- Windows Server 2016 with RRAS
- Cisco Router

Question 1: Can someone please explain to me the differences between these two solutions in terms of performance, security and scalability?

Question 2: How do you implement AD authentication on a Cisco 1900 Router?

Tyler

1 Answer

For your first question: My preference is to have the VPN terminate at the router. Then you are controlling access at the boundary of your network.

For your second question: AD authentication can be done either with a RADIUS server or an LDAP server. LDAP is slightly easier because you just need the right LDAP configuration. RADIUS would require deployment of the NAP role on a server along with some policy configuration.

See AAA LDAP Configuration Guide

Aaron D
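
The LDAP option mentioned in the answer above, as an added IOS configuration sketch that is not part of the original answer; it uses the command set from Cisco's AAA LDAP configuration guide and should be checked against the guide for the IOS release on the router. All names (`AD-MAP`, `DC1`, `AD-LDAP`, `VPN-AUTHC`), the address, the DNs and the password placeholder are constructed, and the step that attaches the method list to the VPN is left out because the question does not say which VPN type is used.

```cisco
! Added example. Names, address, DNs and password are constructed placeholders.
aaa new-model
!
! Match the name the user types against the AD sAMAccountName attribute.
ldap attribute-map AD-MAP
 map type sAMAccountName username
!
! Domain controller definition.
! - port 636 with "mode secure" so credentials are not sent to the DC in clear text
! - root-dn is a dedicated, low-privilege service account used for directory lookups
! - base-dn limits the search to the OU that holds the VPN users
ldap server DC1
 ipv4 192.0.2.10
 attribute map AD-MAP
 transport port 636
 mode secure no-negotiation
 bind authenticate root-dn CN=svc-vpn-bind,OU=ServiceAccounts,DC=corp,DC=example password <BIND_PASSWORD>
 base-dn OU=VPNUsers,DC=corp,DC=example
 search-filter user-object-type top
 authentication bind-first
!
! Server group that AAA method lists can reference.
aaa group server ldap AD-LDAP
 server DC1
!
! Named method list for VPN logins; kept separate from the default list so
! console and vty logins keep their own authentication method.
aaa authentication login VPN-AUTHC group AD-LDAP
```

Using a named method list rather than `default` keeps a directory outage from locking administrators out of the router's management lines.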