Does anyone have a view on whether it is insecure or not to do authentication across the internet?
If I have a number of sites with PIX firewalls providing VPN access for remote users, could I authenticate these users across the internet to an AAA server in the DMZ of the central site? I have tried this across the LAN-to-LAN tunnel but it doesn't seem to work; my only option is to do it across the internet, not in a VPN tunnel. Does anyone deem this insecure? I don't want to have to install an AAA server in each site.
One more thing. From what I know, RADIUS sends username/password over the wire in encrypted form (which I suppose is better); TACACS does not encrypt this info. With RADIUS you can also check the CallerID and some other nice things, which you would have to do with external scripts using TACACS.
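
What a RADIUS Access-Request carries when it crosses an untrusted network, as an added example that is not part of the original posts: per RFC 2865 section 5.2 the User-Password attribute is hidden with an MD5 keystream derived from the shared secret and the Request Authenticator, while User-Name is sent as plain bytes. The function names, shared secret, user name and password below are constructed for illustration.

```python
import hashlib
import os
import struct

# Constructed sample values, not taken from the thread.
SECRET = b"constructed-shared-secret"
USER, PASSWORD = b"alice", b"correct horse battery"

def _keystream_block(secret, prev):
    return hashlib.md5(secret + prev).digest()

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: c(i) = p(i) XOR MD5(secret + c(i-1)), c(0) = authenticator."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1..128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = _keystream_block(secret, prev)
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    """Server side: only a holder of the shared secret recovers the password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _keystream_block(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def access_request(user, password, secret, ident=1, authenticator=None):
    """Minimal Access-Request (code 1) with User-Name (1) and User-Password (2)."""
    ra = authenticator or os.urandom(16)
    pairs = ((1, user), (2, hide_password(password, secret, ra)))
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in pairs)
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + ra + attrs

def parse_attrs(packet):
    """Return {type: value} for the attributes after the 20-byte header."""
    attrs, pos = {}, 20
    while pos + 2 <= len(packet):
        t, length = packet[pos], packet[pos + 1]
        if length < 2:
            raise ValueError("malformed attribute length")
        attrs[t] = packet[pos + 2:pos + length]
        pos += length
    return attrs

if __name__ == "__main__":
    seen = parse_attrs(access_request(USER, PASSWORD, SECRET))
    print("User-Name on the wire:    ", seen[1])
    print("User-Password on the wire:", seen[2].hex())
```

The hiding is only as strong as the shared secret configured on the firewall and the AAA server, and every other attribute in the request is readable in transit.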