Cisco Support Community

New Member

RADIUS / TACACS Authentication across the internet

Does anyone have a view on whether it is insecure or not to do authentication across the internet?

If I have a number of sites with PIX firewalls providing VPN access for remote users, could I authenticate these users across the internet to an AAA server in the DMZ of the central site? I have tried this across the LAN-to-LAN tunnel but it doesn't seem to work; my only option is to do it across the internet, not in a VPN tunnel. Does anyone deem this insecure? I don't want to have to install an AAA server in each site.

Thanks Paul

2 REPLIES
New Member

Re: RADIUS / TACACS Authentication across the internet

Hi,

I don't know your network topology, but why don't you authenticate the users after they establish the VPN tunnel?

Velimir

New Member

Re: RADIUS / TACACS Authentication across the internet

One more thing. From what I know, RADIUS sends username/password over the wire in encrypted form (which I suppose is better); TACACS does not encrypt this info. With R you can also check the CallerID and some other nice things, which you would have to do with external scripts using TACACS.

Just some thoughts

Velimir
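
What a RADIUS Access-Request carries on the wire, as an added example that is not part of the original thread: RFC 2865 hides only the User-Password attribute, by XORing it with an MD5 keystream derived from the shared secret and the Request Authenticator, while User-Name and the other attributes travel in clear. The user name, password and shared secret below are constructed sample values.

```python
import hashlib
import os
import struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: NUL-pad to 16-byte blocks, XOR with an MD5 keystream."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev  # each ciphertext block seeds the next keystream block
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the AAA server does with the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def attr(code: int, value: bytes) -> bytes:
    """Type-Length-Value attribute; Length counts the two header bytes."""
    return struct.pack("!BB", code, len(value) + 2) + value

def access_request(user: bytes, password: bytes, secret: bytes, ident: int = 1) -> bytes:
    authenticator = os.urandom(16)  # Request Authenticator, fresh per request
    attrs = attr(1, user) + attr(2, hide_password(password, secret, authenticator))
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))  # Code 1 = Access-Request
    return header + authenticator + attrs

def parse_attributes(packet: bytes) -> dict:
    """View of an on-path observer: no shared secret is needed to read the TLVs."""
    attrs, pos = {}, 20
    while pos < len(packet):
        code, length = packet[pos], packet[pos + 1]
        attrs[code] = packet[pos + 2:pos + length]
        pos += length
    return attrs

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    pkt = access_request(b"paul", b"constructed-pass", b"constructed-shared-secret")
    seen = parse_attributes(pkt)
    print("User-Name on the wire:    ", seen[1])
    print("User-Password on the wire:", seen[2].hex())
```

The confidentiality of the password rests entirely on the shared secret and MD5, which is why RADIUS traffic that leaves a trusted network is usually carried inside an IPsec tunnel.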
