cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2077
Views
0
Helpful
2
Replies

RADIUS / TACACS Authentication across the internet

pthomsett
Level 1
Level 1

Does anyone have a veiw on whether it is insecure or not to do authentication across the internet.

If I have a number of sites with PIX firewalls providing VPN access for remote users could I authenticate these users across the internet to a AAA server in the DMZ of the central site. I have tried this across the LAN-to-LAN tunnel but it doesnt seem to work, my only option is to do it across the internet not in a VPN tunnel. Does anyone deem this insecure..? I dont want to have to install a AAA server in each site.

Thanks Paul

2 Replies 2

velimirmkd
Level 1
Level 1

Hi,

I dont know your network topology, but why dont you authenticate the users after they establish the VPN tunnel?

Velimir

One more thing. From what I know, RADIUS sends username/password over the wire in encrypted form, (what I suppose is better), TACACS does not encrypt this info. With R you can also check the CallerID and some other nice things, what you would have to do with externas scripts using TACACS.

Just some thoughts

Velimir