Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1594
Views
0
Helpful
2
Replies

Setup Radius Authentication for administrator in Palo Alto

wong.raymond
Level 1
Level 1

‎05-09-2018 09:11 AM

I tried to setup Radius in ISE to do the administrator authentication for Palo Alto Firewall. I have the following security challenge from the security team.

 

Both Radius/TACACS+ use CHAP or PAP/ASCII

By CHAP – we have to enable reversible encryption of password which is hackable .

  https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption

By PAP/ASCII – the password is in pain text sending between the Radius server and the Palo Alto. It is insecure.

  

If I wish to use Cisco ISE to do the administrator authentication , what is the recommended authentication method that we can use? Thanks

0 Helpful
2 Replies 2

gbekmezi-DD
Level 5
Level 5

‎05-09-2018 12:17 PM

Does this help?

https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide_20_chapter_01101.html

Preview file
213 KB
0 Helpful

hslai
Cisco Employee
Cisco Employee

‎05-10-2018 05:53 PM

ISE can do IPSec -- Configure ISE 2.2 IPSEC to Secure NAD (IOS) Communication - Cisco

Else, ensure the communications between ISE and the NADs are on a separate network.

0 Helpful
Customers Also Viewed These Support Documents