
Radius to Radius server communication

Folks,

I have a VPN connection coming into my network which I'm passing on to a third-party network.

We use RADIUS to authenticate our own users, but the new connection uses the third party's authentication server (SecureID - I think), and they now want our RADIUS server and theirs to use proxy RADIUS authentication so our RADIUS server will authenticate their users.

My concern is that, as I know nothing about this, I could be introducing a hole in my security model by inadvertently passing on or allowing them to pull our user details to their RADIUS server.

Has anyone any ideas, thoughts or relevant documents on this, please?

Many thanks to anyone taking the time to reply.

1 REPLY

Re: Radius to Radius server communication

Hi,

There won't be any security hole in such a setup, though, as you just have to see on which parameters you'll decide that a request needs to be proxied to their RADIUS server for authentication. In general, all RADIUS servers have this proxy feature.

If you have an ACS server, then you can accomplish this by configuring SecureID as an external database.

Here's something that will help you with ACS-SecureID:

http://rsasecurity.agora.com/rsasecured/guides/imp_pdfs/Cisco_ACS_401_AuthMan61.pdf

http://rsasecurity.agora.com/rsasecured/guides/imp_pdfs/Cisco_ACS_333_11_AuthMan6.1.pdf

Apart from this, if you want to really proxy the request, I can help you with ACS:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs41/user/netcfg.htm#wp341876

I'm sure the pure proxy feature is there in most RADIUS servers.

Regards,

Prem
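The proxy decision described in the reply, as an added example that is not part of the original thread and not Cisco ACS code: it parses the User-Name attribute from an RFC 2865 Access-Request and forwards only requests whose realm is explicitly listed, so local users are never sent upstream. Routing on the realm suffix, the realm `partner.example`, and the labels `thirdparty-radius` and `local` are assumptions chosen for illustration.

```python
import struct

ACCESS_REQUEST = 1   # RFC 2865 packet code
ATTR_USER_NAME = 1   # RFC 2865 attribute type

# Hypothetical routing table: realm -> upstream server label.
# Anything not listed is handled locally and never leaves this server.
PROXY_REALMS = {"partner.example": "thirdparty-radius"}
LOCAL = "local"

def parse_packet(packet: bytes):
    """Return (code, {attr_type: [values]}), rejecting malformed lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20          # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return code, attrs

def route(packet: bytes) -> str:
    """Pick a destination from the User-Name realm only; default is local."""
    code, attrs = parse_packet(packet)
    names = attrs.get(ATTR_USER_NAME, [])
    if code != ACCESS_REQUEST or len(names) != 1:
        return LOCAL
    user = names[0].decode("utf-8", "replace")
    _, sep, realm = user.rpartition("@")
    if not sep:
        return LOCAL             # no realm: one of our own users
    return PROXY_REALMS.get(realm.lower(), LOCAL)

def build_request(user: str) -> bytes:
    """Constructed sample Access-Request carrying only a User-Name."""
    value = user.encode()
    attr = bytes([ATTR_USER_NAME, len(value) + 2]) + value
    header = struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(attr))
    return header + bytes(16) + attr

if __name__ == "__main__":
    for u in ("alice@partner.example", "bob", "carol@corp.example"):
        print(u, "->", route(build_request(u)))
```

With this default-to-local rule, the third-party server only ever sees requests for its own realm; the local user database is consulted on this server and is not part of any forwarded packet.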
