ASA Radius configuration

Gordon Ross

I'm trying to configure an ASA to use ASA for authentication.

I've done this before on normal IOS devices fine. But the ASAs are confusing me.

All the documentation/examples I've seen have the lines:

aaa-server my-radius-group protocol radius
aaa-server my-radius-group host 1.2.3.4
 timeout 3
 key "password"
 authentication-port 1812
 accounting-port 1813
 radius-common-pw "password"

I'm assuming the "radius-common-pw" is the Radius shared secret.

What I don't understand is: What's this "key" parameter? The IOS help just says it's the password to authenticate the NAS to the AAA server. But in Radius, that's what the shared secret does (partially).

Can anyone explain the difference between "key" and "radius-common-pw"?

Thanks,

GTG

Accepted Solutions

rizwanr74

The name is the recipe.

radius-common-pw

To specify a common password to be used for all users who are accessing this RADIUS authorization server through this security appliance, use the radius-common-pw command in AAA-server host mode.

key is specific to a client (i.e. client is a device) you create on the Radius server.

Hope that answers your question

thanks

Rizwan Rafeek

Common Password—Enter the common password for the group. The password is case-sensitive. The field displays only asterisks. If you are defining a RADIUS server to be used for authentication rather than authorization, do not provide a common password.

A RADIUS authorization server requires a password and username for each connecting user. You enter the password here. The RADIUS authorization server administrator must configure the RADIUS server to associate this password with each user via this security appliance. Be sure to provide this information to your RADIUS server administrator. Enter a common password for all users who are accessing this RADIUS authorization server through this security appliance.

If you leave this field blank, each user password will be the username. As a security precaution never use a RADIUS authorization server for authentication. Using common passwords or usernames as passwords is much less secure than using a strong password for each user.
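The distinction discussed in this thread, as an added example that is not part of the original posts or Cisco's code: it assumes `key` is the RADIUS shared secret configured for the ASA as a client, which RFC 2865 section 5.2 uses to hide the User-Password attribute, while `radius-common-pw` is the password value itself that is sent for every user on authorization lookups. The function names and sample values are constructed for illustration.

```python
"""Added illustration, not from the thread: RFC 2865 section 5.2 User-Password hiding."""
import hashlib
from typing import Optional


def _mask(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()


def hide_user_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """NAS side: hide the User-Password value with the shared secret."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to 16-byte blocks
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        out += prev  # each ciphertext block chains into the next mask
    return out


def recover_user_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: undo the hiding with the secret stored for this client."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")


def authorization_password(username: str, common_pw: Optional[str]) -> bytes:
    """Value sent as the password on an authorization lookup, per the quoted
    Cisco text: the common password if set, otherwise the username."""
    return (common_pw or username).encode()


if __name__ == "__main__":
    key = b"constructed-shared-secret"   # plays the role of `key` (assumption)
    ra = bytes(range(16))                # constructed Request Authenticator
    for common in ("constructed-common-pw", None):
        pw = authorization_password("alice", common)
        hidden = hide_user_password(pw, key, ra)
        print(common, hidden.hex(), recover_user_password(hidden, key, ra))
```

The shared secret protects the attribute in transit and ties the request to a known client; the common password is the same value for every user, which is why the quoted documentation says not to use such a server for authentication.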