I have a VPN connection coming into my network which I'm passing on to a third-party network.
We use RADIUS to authenticate our own users, but the new connection uses the third party's authentication server (SecureID - I think) and they now want our RADIUS server and theirs to use proxy RADIUS authentication so our RADIUS server will authenticate their users.
My concern is that, as I know nothing about this, I could be introducing a hole in my security model by inadvertently passing on or allowing them to pull our user details to their RADIUS server.
Has anyone any ideas, thoughts or relevant documents on this, please?
There won't be any security hole in such a setup, as you just have to see on which parameters you'll decide that a request needs to be proxied to their RADIUS server for authentication. In general, all RADIUS servers have this proxy feature.
If you have an ACS server, then you can accomplish this by configuring SecureID as an external database.
Here's something that will help you with ACS-SecureID,
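
The proxy decision described in the answer above, as an added example that is not part of the original thread and is not ACS configuration: a small Python model of a rule keyed on the realm in the RADIUS User-Name, where only an explicitly listed realm is forwarded and local or unknown names never leave the local server. The realm names and the server address are constructed placeholders.

```python
from typing import NamedTuple

# Constructed placeholders: realm used by the third party's users -> their home server.
PROXY_REALMS = {"partner.example": "partner-radius.example:1812"}
# Realms authenticated against the local user store ("" = bare name with no realm).
LOCAL_REALMS = {"", "corp.example"}


class Decision(NamedTuple):
    action: str   # "local", "proxy" or "reject"
    target: str   # home server when action == "proxy", otherwise ""
    reason: str


def split_realm(user_name: str) -> tuple[str, str]:
    """Split 'user@realm' or 'REALM\\user' into (user, lower-cased realm)."""
    if "\\" in user_name:
        realm, _, user = user_name.partition("\\")
    elif "@" in user_name:
        # Use the last '@' so 'a@x@corp.example' is judged by its final realm.
        user, _, realm = user_name.rpartition("@")
    else:
        user, realm = user_name, ""
    return user, realm.strip().lower()


def route(user_name: str) -> Decision:
    """Decide where an Access-Request with this User-Name is authenticated."""
    user, realm = split_realm(user_name)
    if not user.strip():
        return Decision("reject", "", "empty user name")
    if realm in LOCAL_REALMS:
        return Decision("local", "", "local realm, never forwarded")
    if realm in PROXY_REALMS:
        return Decision("proxy", PROXY_REALMS[realm], "explicit proxy realm")
    # Fail closed: there is no default route to the third party.
    return Decision("reject", "", f"unknown realm {realm!r}")


if __name__ == "__main__":
    for name in ("alice", "bob@partner.example", "eve@partner.example.evil.test"):
        print(name, "->", route(name))
```

The point to check in any real proxy configuration is the same as the last branch here: a request that matches no rule should be rejected or handled locally, not forwarded by default.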