RADIUS / TACACS Authentication across the internet

pthomsett
Level 1

Does anyone have a view on whether it is insecure or not to do authentication across the internet?

If I have a number of sites with PIX firewalls providing VPN access for remote users, could I authenticate these users across the internet to an AAA server in the DMZ of the central site? I have tried this across the LAN-to-LAN tunnel but it doesn't seem to work; my only option is to do it across the internet, not in a VPN tunnel. Does anyone deem this insecure? I don't want to have to install an AAA server in each site.

Thanks Paul

2 Replies

velimirmkd
Level 1

Hi,

I don't know your network topology, but why don't you authenticate the users after they establish the VPN tunnel?

Velimir

One more thing. From what I know, RADIUS sends username/password over the wire in encrypted form (which I suppose is better), TACACS does not encrypt this info. With R you can also check the CallerID and some other nice things, which you would have to do with external scripts using TACACS.

Just some thoughts

Velimir
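
As an added illustration of the RADIUS password protection mentioned in the reply above (not part of the original thread): RFC 2865 hides only the User-Password attribute, by XORing it with an MD5 keystream derived from the shared secret and the Request Authenticator, while User-Name and the other attributes of an Access-Request travel in clear. The user name, password, shared secret and authenticator below are constructed sample values.

```python
import hashlib
import struct

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-byte blocks, XOR with a chained MD5 keystream."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = _md5(secret + prev)            # b1 = MD5(S + RA), b(n) = MD5(S + c(n-1))
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        hidden += prev
    return hidden

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the same keystream, so whoever holds the shared secret recovers it."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += bytes(c ^ k for c, k in zip(block, _md5(secret + prev)))
        prev = block
    return clear.rstrip(b"\x00")

def attribute(attr_type: int, value: bytes) -> bytes:
    # Type (1 byte), Length (1 byte, includes the 2 header bytes), Value
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(identifier: int, authenticator: bytes,
                         username: bytes, hidden: bytes) -> bytes:
    attrs = attribute(1, username) + attribute(2, hidden)   # 1 = User-Name, 2 = User-Password
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + authenticator + attrs

# Constructed sample values, for illustration only.
SECRET = b"example-shared-secret"
AUTHENTICATOR = bytes(range(16))
USERNAME = b"remote.user"
PASSWORD = b"Example-Passw0rd-For-Demo"

HIDDEN = hide_password(PASSWORD, SECRET, AUTHENTICATOR)
PACKET = build_access_request(7, AUTHENTICATOR, USERNAME, HIDDEN)

if __name__ == "__main__":
    print("User-Name readable in packet:    ", USERNAME in PACKET)
    print("User-Password readable in packet:", PASSWORD in PACKET)
    print("Recovered with shared secret:    ", reveal_password(HIDDEN, SECRET, AUTHENTICATOR))
```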
