VPN Authentication by MS IAS-radius

BILL BARTLETT
Level 1

We use VPNs between PIXs (6.2) and 3.0 Clients. I am interested in using the IAS-radius for authentication. The documentation says to have the IAS use PAP/cleartext.

How does the challenge response get handled? Is it clear text IP from the IAS to the PIX and then PIX encryption (56/3DES) to the far end? Or is it clear text all the way to the far end? Or what?

1 Reply

paqiu
Level 1

Transactions between the client and RADIUS server are authenticated through the use of a shared secret, which is never sent over the network. In addition, any user passwords are sent encrypted between the client and RADIUS server, to eliminate the possibility that someone snooping on an unsecured network could determine a user's password.

The IAS use of PAP/clear text is for Microsoft remote access or PPTP VPN.

When you configure the Microsoft RADIUS server, you need to choose PAP/clear text because the RADIUS protocol uses its own way to encrypt the password. CHAP or MSCHAP has an MD5 one-way hash that will affect RADIUS's encryption process.

User authentication happens after the group authentication, which is the IPsec phase 1 negotiation, so the user name and password between the PIX and the remote VPN client are protected by DES or 3DES encryption.

In a word, there is no security issue that needs to be worried about.

Best Regards,