06-09-2010 06:41 AM
Hi,
I have created an SSL VPN and it is working perfectly. However, it seems like I can't encrypt the user authentication traffic between the ASA and AAA server. Any ideas?
Please help.
Regards,
06-09-2010 06:47 AM
Hi Emmanuel,
Which authentication method are you using between the ASA and the AAA server for SSL user authentication?
You're saying the authentication works well but in clear text? How are you trying to encrypt this traffic?
Federico.
06-09-2010 06:58 AM
Hi,
Yes, the authentication is clear text and working fine. I am trying to encrypt this. I am using the ASDM to configure and I don't have an option to choose between PAP, CHAP, MS-CHAP or MS-CHAP V2. It seems like it is defaulted to PAP, which is unencrypted.
On the same ASA, I do have the IPsec configurations and with that I can choose the authentication method, but I can't do that with the SSL-VPN.
Regards,
06-09-2010 08:04 AM
Which authentication method do you use for IPsec VPN users that authenticate against the AAA? (Radius, TACACS+, etc.)
Is this AAA an ACS?
Federico.
06-10-2010 12:08 AM
It is Radius. We are using our AD server.
06-10-2010 01:12 PM
Emmanuel,
You have a Radius server authenticating the remote IPsec clients?
If it is just plain Radius packets between the ASA and the AAA server, only the payload gets encrypted (not the entire packet, as opposed to TACACS+).
Federico.
06-15-2010 05:08 AM
Hi, thanks for your help. Am I then right to say that with Radius the user name will be plain text and the password encrypted using the secret key?
Regards,
06-15-2010 06:09 AM
i.e.
Radius encrypts only the payload.
TACACS+ encrypts the entire packet.
Federico.
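
Added example (not part of any post in this thread): a Python sketch of how RFC 2865 builds a PAP Access-Request, showing that the User-Name attribute travels in clear while User-Password is XOR-masked with MD5(shared secret + Request Authenticator). The user name, password, shared secret and authenticator below are constructed sample values.

```python
import hashlib
import struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: mask a PAP password for the User-Password attribute."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()  # 16-byte mask per block
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server does with its own copy of the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, hashlib.md5(secret + prev).digest()))
        prev = block
    return out.rstrip(b"\x00")

def build_access_request(ident, authenticator, username, password, secret) -> bytes:
    attrs = bytes([1, 2 + len(username)]) + username       # type 1: User-Name, clear
    hidden = hide_password(password, secret, authenticator)
    attrs += bytes([2, 2 + len(hidden)]) + hidden          # type 2: User-Password, masked
    # Header: Code 1 (Access-Request), Identifier, Length, then the Authenticator
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet: bytes) -> dict:
    attrs, pos = {}, 20  # attributes start after the 20-byte header
    while pos < len(packet):
        length = packet[pos + 1] if pos + 1 < len(packet) else 0
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + length]
        pos += length
    return attrs

# Constructed sample values, not taken from the thread
USERNAME, PASSWORD, SECRET = b"vpnuser", b"S3cret-Pass!", b"shared-secret"
AUTHENTICATOR = bytes(range(16))  # fixed for repeatability; must be random in practice
PACKET = build_access_request(7, AUTHENTICATOR, USERNAME, PASSWORD, SECRET)

if __name__ == "__main__":
    for attr_type, value in parse_attributes(PACKET).items():
        print(attr_type, value)  # attribute 1 is readable, attribute 2 is not
```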