06-10-2002 02:08 AM - edited 02-21-2020 10:00 AM
Does anyone have a view on whether it is insecure or not to do authentication across the internet?
If I have a number of sites with PIX firewalls providing VPN access for remote users, could I authenticate these users across the internet to an AAA server in the DMZ of the central site? I have tried this across the LAN-to-LAN tunnel but it doesn't seem to work; my only option is to do it across the internet, not in a VPN tunnel. Does anyone deem this insecure? I don't want to have to install an AAA server in each site.
Thanks Paul
06-11-2002 06:03 AM
Hi,
I don't know your network topology, but why don't you authenticate the users after they establish the VPN tunnel?
Velimir
06-11-2002 11:33 PM
One more thing. From what I know, RADIUS sends username/password over the wire in encrypted form (which I suppose is better); TACACS does not encrypt this info. With R you can also check the CallerID and some other nice things, which you would have to do with external scripts using TACACS.
Just some thoughts
Velimir
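An added example, not part of the thread: the User-Password hiding defined in RFC 2865 section 5.2, showing which credential attributes of a RADIUS Access-Request are protected when the request travels outside a tunnel. The shared secret, authenticator, user name and password are constructed sample values.

```python
import hashlib

# Constructed sample values, not taken from the thread.
SAMPLE_SECRET = b"constructed-shared-secret"
SAMPLE_AUTHENTICATOR = bytes(range(16))  # a real Request Authenticator is 16 random octets


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: c(1) = p(1) XOR MD5(S + RA), c(i) = p(i) XOR MD5(S + c(i-1))."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-octet authenticator and a 1..128 octet password")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to 16-octet blocks
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += prev
    return hidden


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the same keystream, recoverable by anyone holding the shared secret."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def credential_attributes(user: bytes, password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Encode User-Name (type 1) and User-Password (type 2) as type/length/value."""
    def tlv(attr_type: int, value: bytes) -> bytes:
        return bytes([attr_type, len(value) + 2]) + value
    return tlv(1, user) + tlv(2, hide_password(password, secret, authenticator))


if __name__ == "__main__":
    wire = credential_attributes(b"remote-user", b"constructed-pass",
                                 SAMPLE_SECRET, SAMPLE_AUTHENTICATOR)
    print(wire.hex())
    print(b"remote-user" in wire)  # the User-Name attribute is not hidden
```

Only the User-Password value is hidden, and that hiding rests entirely on the shared secret configured on the PIX and the AAA server.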