Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Encryption AAA

Hi,

Just wisht to ask what is the default encryption used by ASA when exchanging username/password with a radius server (Windows server).  And is there a way to change the encryption (3des to aes-128)?

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Encryption AAA

RADIUS as a protocol uses an MD5 based "hiding" mechanism to encrypt the password attributes. It is a well known issue with that communication.

To make sure that traffic is encrypted I believe the best thing to do is to establish a IPSec tunnel between the server and the authenticating devices.

I hope it helps.

PK

.

1 REPLY
Cisco Employee

Re: Encryption AAA

RADIUS as a protocol uses an MD5 based "hiding" mechanism to encrypt the password attributes. It is a well known issue with that communication.

To make sure that traffic is encrypted I believe the best thing to do is to establish a IPSec tunnel between the server and the authenticating devices.

I hope it helps.

PK

.

188
Views
0
Helpful
1
Replies
CreatePlease login to create content