http://www.binarywar.com/2009/10/configure-cisco-asa-remote-access-vpn-to-use-radius/ My KB. If it helps someone else who is searching for answers...great! Fri, 03 Feb 2012 15:07:01 +0000 hourly 1 http://wordpress.org/?v=3.0.2 http://www.binarywar.com/2009/10/configure-cisco-asa-remote-access-vpn-to-use-radius/comment-page-1/#comment-87 Aaron Wed, 13 Jan 2010 18:17:02 +0000 http://www.binarywar.com/2009/10/configure-cisco-asa-remote-access-vpn-to-use-radius/#comment-87 Thanks for the tip. I'll keep that in mind. I have not yet had a need for the more secure authentication methods as the ASA deployments I have done were for an environment where the LAN interface of the ASA was on the same local subnet as the RADIUS server. Therefore, security of the RADIUS request was not of great concern. I would obviously want something more secure if the ASA was sending requests from a DMZ or sending over the Internet. Thanks again! Thanks for the tip. I’ll keep that in mind. I have not yet had a need for the more secure authentication methods as the ASA deployments I have done were for an environment where the LAN interface of the ASA was on the same local subnet as the RADIUS server. Therefore, security of the RADIUS request was not of great concern. I would obviously want something more secure if the ASA was sending requests from a DMZ or sending over the Internet. Thanks again!

]]> http://www.binarywar.com/2009/10/configure-cisco-asa-remote-access-vpn-to-use-radius/comment-page-1/#comment-86 Dan Wed, 13 Jan 2010 16:13:50 +0000 http://www.binarywar.com/2009/10/configure-cisco-asa-remote-access-vpn-to-use-radius/#comment-86 It's not necessary to use unsecured PAP authentication. MS-CHAP and MS-CHAPv2 are also supported authentication protocols, however the process of enabling this is not particularly intuitive.. which is to use password-management command in the VPN tunnel group. This consequently enables password change functionality.. but for those who don't want to use it, you can disable the password reminder notification by setting the reminder threshold to zero. See http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/p.html#wp1924502 for details. It’s not necessary to use unsecured PAP authentication. MS-CHAP and MS-CHAPv2 are also supported authentication protocols, however the process of enabling this is not particularly intuitive.. which is to use password-management command in the VPN tunnel group. This consequently enables password change functionality.. but for those who don’t want to use it, you can disable the password reminder notification by setting the reminder threshold to zero. See http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/p.html#wp1924502 for details.

]]>