Encryption AAA

Answered Question
Jul 15th, 2010

Hi,

Just wisht to ask what is the default encryption used by ASA when exchanging username/password with a radius server (Windows server).  And is there a way to change the encryption (3des to aes-128)?

Thanks.

I have this problem too.
0 votes
Correct Answer by Panos Kampanakis about 6 years 6 months ago

RADIUS as a protocol uses an MD5 based "hiding" mechanism to encrypt the password attributes. It is a well known issue with that communication.

To make sure that traffic is encrypted I believe the best thing to do is to establish a IPSec tunnel between the server and the authenticating devices.

I hope it helps.

PK

.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Panos Kampanakis Thu, 07/15/2010 - 05:40

RADIUS as a protocol uses an MD5 based "hiding" mechanism to encrypt the password attributes. It is a well known issue with that communication.

To make sure that traffic is encrypted I believe the best thing to do is to establish a IPSec tunnel between the server and the authenticating devices.

I hope it helps.

PK

.

Actions

This Discussion