Cisco Support Community
New Member

Encryption between ASA and AAA server

Hi,

I have created an SSL VPN and it is working perfectly. However, it seems like I can't encrypt the user authentication traffic between the ASA and AAA server. Any ideas?

Please help.

Regards,

7 REPLIES

Re: Encryption between ASA and AAA server

Hi Emmanuel,

Which authentication method are you using between the ASA and the AAA server for SSL user authentication?

You're saying the authentication works well but in clear text? How are you trying to encrypt this traffic?

Federico.

New Member

Re: Encryption between ASA and AAA server

Hi,

Yes, the authentication is clear text and working fine. I am trying to encrypt this. I am using the ASDM to configure and I don't have an option to choose between PAP, CHAP, MS-CHAP or MS-CHAP V2. It seems like it is defaulted to PAP, which is unencrypted.

On the same ASA, I do have the IPsec configurations and with that I can choose the authentication method, but I can't do that with the SSL-VPN.

Regards,

Re: Encryption between ASA and AAA server

Which authentication method do you use for IPsec VPN users that authenticate against the AAA? (Radius, TACACS+, etc.)

Is this AAA an ACS?

Federico.

New Member

Re: Encryption between ASA and AAA server

It is Radius. We are using our AD server.

Re: Encryption between ASA and AAA server

Emmanuel,

You have a Radius server authenticating the remote IPsec clients?

If it is just plain Radius packets between the ASA and the AAA server, only the payload gets encrypted (not the entire packet, as opposed to TACACS+).

Federico.

New Member

Re: Encryption between ASA and AAA server

Hi, thanks for your help. Am I then right to say that with Radius the user name will be plain text and the password encrypted using the secret key?

Regards,

Re: Encryption between ASA and AAA server

i.e.

Radius encrypts only the payload.

TACACS+ encrypts the entire packet.

Federico.
