SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

MSCHAPv2 instead of PAP in phase 1 RADIUS authentication

    Posted 9 days ago

    I'm implementing a Juniper Secure Connect configuration.

    I've got it to work with RADIUS authentication, but for some reason the phase 1 authentication is always done with PAP - which is unacceptably insecure.

    I've set the password-protocol mschap-v2 flag under [system radius-options] and indeed the phase 2 authentication is being done with EAP-MSCHAP v2, but phase 1 remains PAP.

    I haven't found any documentation on how I can also make phase 1 use MSCHAPv2.

    Any suggestions?



    ------------------------------
    Lars Kristensson
    ------------------------------