Encryption AAA

Answered Question
Jul 15th, 2010

Hi,


Just wish to ask what is the default encryption used by ASA when exchanging username/password with a RADIUS server (Windows server). And is there a way to change the encryption (3des to aes-128)?


Thanks.

Overall Rating: 5 (1 ratings)
Correct Answer
Panos Kampanakis Thu, 07/15/2010 - 05:40
User Badges:
  • Cisco Employee,

RADIUS as a protocol uses an MD5-based "hiding" mechanism to encrypt the password attributes. It is a well-known issue with that communication.


To make sure that traffic is encrypted I believe the best thing to do is to establish an IPSec tunnel between the server and the authenticating devices.


I hope it helps.


PK
