PIX 515e and IAS RADIUS Authentication Question..

lloydt
Level 1

I have set up a PIX 515e with group VPN. It authenticates to a Windows Server 2003 IAS RADIUS installation. To configure this I performed the following:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml#configuringthemicrosoftserverwithias

The only difference in my solution is the VPN client is 4.0 (maybe there is added support now?)

Per Cisco. However, this method only allows PAP|SPAP authentication method which doesn't support encryption.

Without using a CA or configuring "VPN Pass-through", is there any way to increase the authentication to a more secure protocol like MS-CHAP v2? If there isn't, how secure am I, and should I set up specific users for VPN only?

TIA!

1 Reply

gfullage
Cisco Employee

The RADIUS traffic between the PIX and the IAS server will still have the password encrypted based on the shared key that you have set up on each device; this is standard RADIUS.

The PIX will receive the user's password over the Phase 1 IKE tunnel, so this is safe as it passes over the Internet. It will then pass that password to the internal RADIUS server as a standard PAP password, but as I said, RADIUS will encrypt that section of the packet that contains the password automatically.