cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1939
Views
0
Helpful
2
Replies

RADIUS / TACACS Authentication across the internet

pthomsett
Beginner
Beginner

Does anyone have a veiw on whether it is insecure or not to do authentication across the internet.

If I have a number of sites with PIX firewalls providing VPN access for remote users could I authenticate these users across the internet to a AAA server in the DMZ of the central site. I have tried this across the LAN-to-LAN tunnel but it doesnt seem to work, my only option is to do it across the internet not in a VPN tunnel. Does anyone deem this insecure..? I dont want to have to install a AAA server in each site.

Thanks Paul

2 Replies 2

velimirmkd
Beginner
Beginner

Hi,

I dont know your network topology, but why dont you authenticate the users after they establish the VPN tunnel?

Velimir

One more thing. From what I know, RADIUS sends username/password over the wire in encrypted form, (what I suppose is better), TACACS does not encrypt this info. With R you can also check the CallerID and some other nice things, what you would have to do with externas scripts using TACACS.

Just some thoughts

Velimir

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers