Encryption between ASA and AAA server

Unanswered Question
Jun 9th, 2010


I have created an SSL VPN and it is working perfectly. However, it seems like I can't encrypt the user authentication traffic between the ASA and AAA server. Any ideas?

Please help.


Federico Coto F... Wed, 06/09/2010 - 06:47

Hi Emmanuel,

Which authentication method are you using between the ASA and the AAA server for SSL user authentication?

You're saying the authentication works well but in clear text? How are you trying to encrypt this traffic?


emmanuel.shoroma Wed, 06/09/2010 - 06:58


Yes, the authentication is clear text and working fine. I am trying to encrypt this. I am using the ASDM to configure and I don't have an option to choose between PAP, CHAP, MS-CHAP or MS-CHAP V2. It seems like it is defaulted to PAP, which is unencrypted.

On the same ASA, I do have the IPsec configurations and with that I can choose the authentication method, but I can't do that with the SSL VPN.


Federico Coto F... Wed, 06/09/2010 - 08:04

Which authentication method do you use for IPsec VPN users that authenticate against the AAA? (Radius, TACACS+, etc.)

Is this AAA an ACS?


Federico Coto F... Thu, 06/10/2010 - 13:12


You have a Radius server authenticating the remote IPsec clients?

If it is just plain Radius packets between the ASA and the AAA server, only the payload gets encrypted (not the entire packet, as opposed to TACACS+).


emmanuel.shoroma Tue, 06/15/2010 - 05:08

Hi, thanks for your help. Am I then right to say that with Radius the user name will be plain text and the password encrypted using the secret key?


