https://community.cisco.com/t5/network-access-control/radius-to-radius-server-communication/m-p/755613#M420487 <P>folks</P><P></P><P>i have a vpn connection coming into my network which i'm passing onto a third party network</P><P></P><P>we use radius to authenticate our own users but the new connection uses the third party's authentication server(SecureID - i think) and they now want to our radius server and theirs to use proxy radius authentication so our radius server will authenticate their users</P><P></P><P>my concern is that as i know nothing about this i could be introducing a hole in my security model by inadvertently passing on or allowing them to pull our user details to their radius server</P><P></P><P>has anyone any ideas, thoughts or relevant documents on this please</P><P></P><P>many thanks to anyone taking the time to reply</P> Sun, 10 Mar 2019 22:11:54 GMT mulhollandm 2019-03-10T22:11:54Z https://community.cisco.com/t5/network-access-control/radius-to-radius-server-communication/m-p/755613#M420487 <P>folks</P><P></P><P>i have a vpn connection coming into my network which i'm passing onto a third party network</P><P></P><P>we use radius to authenticate our own users but the new connection uses the third party's authentication server(SecureID - i think) and they now want to our radius server and theirs to use proxy radius authentication so our radius server will authenticate their users</P><P></P><P>my concern is that as i know nothing about this i could be introducing a hole in my security model by inadvertently passing on or allowing them to pull our user details to their radius server</P><P></P><P>has anyone any ideas, thoughts or relevant documents on this please</P><P></P><P>many thanks to anyone taking the time to reply</P> Sun, 10 Mar 2019 22:11:54 GMT https://community.cisco.com/t5/network-access-control/radius-to-radius-server-communication/m-p/755613#M420487 mulhollandm 2019-03-10T22:11:54Z https://community.cisco.com/t5/network-access-control/radius-to-radius-server-communication/m-p/755614#M420489 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Though there wont be any security hole in such a setup. As you just have to see on which parameters you'll decide that a request need to be proxied to their Radius server for authentication. In general all radius servers have this proxy feature.</P><P></P><P>If you have ACS server, then you can accomplish this by configuring SecureID as an external Database.</P><P></P><P>Here's something that will help you with ACS-SecureID,</P><P></P><P><A class="jive-link-custom" href="http://rsasecurity.agora.com/rsasecured/guides/imp_pdfs/Cisco_ACS_401_AuthMan61.pdf" target="_blank">http://rsasecurity.agora.com/rsasecured/guides/imp_pdfs/Cisco_ACS_401_AuthMan61.pdf</A></P><P><A class="jive-link-custom" href="http://rsasecurity.agora.com/rsasecured/guides/imp_pdfs/Cisco_ACS_333_11_AuthMan6.1.pdf" target="_blank">http://rsasecurity.agora.com/rsasecured/guides/imp_pdfs/Cisco_ACS_333_11_AuthMan6.1.pdf</A></P><P></P><P>Apart from this if you want to really proxy the request, I can help you with ACS,</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs41/user/netcfg.htm#wp341876" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs41/user/netcfg.htm#wp341876</A></P><P></P><P>I m sure pure proxy feature is there in most of the radius servers.</P><P></P><P>Regards,</P><P>Prem</P></BODY></HTML> Wed, 06 Jun 2007 11:02:57 GMT https://community.cisco.com/t5/network-access-control/radius-to-radius-server-communication/m-p/755614#M420489 Premdeep Banga 2007-06-06T11:02:57Z