L2TP ppp authentication protocol for ASA 5510

 
 
willsmith1701@yahoo.com
      04-17-2007
Is anyone using L2TP for remote access connections to an ASA 5510? If
so, what PPP authentication protocol are you using?

Cisco TAC assisted in configuring the L2TP remote access on the ASA,
and configured it with PAP saying that was the only protocol that
would work because the authentication server we are using is Kerberos
(the server is a Windows Active Directory domain controller). I'm wary
of using a protocol that sends the password in clear text. Can this be
right? Shouldn't I be able to use CHAP v1 or 2?

The fos version on the ASA is 7.2(1). We're using the CLI for
configuration.


Any specific suggestions as to how this might be set up with a more
secure authentication protocol would be appreciated.

 
 
 
 
 
martin.rublik@gmail.com
      04-18-2007
Hi,

this is what worked for me,

tunnel-group DefaultRAGroup general-attributes
password-management

tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2

This way you'll enable password change through VPN client. You can
find more info here http://tinyurl.com/39g646

Regards

Martin

wrote:
> Is anyone using L2TP for remote access connections to an ASA 5510? If
> so, what PPP authentication protocol are you using?
>
> Cisco TAC assisted in configuring the L2TP remote access on the ASA,
> and configured it with PAP saying that was the only protocol that
> would work because the authentication server we are using is Kerberos
> (the server is a Windows Active Directory domain controller). I'm wary
> of using a protocol that sends the password in clear text. Can this be
> right? Shouldn't I be able to use CHAP v1 or 2?
>
> The fos version on the ASA is 7.2(1). We're using the CLI for
> configuration.
>
>
> Any specific suggestions as to how this might be set up with a more
> secure authentication protocol would be appreciated.
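
An added example, not part of the thread and not Cisco's own code: a small Python check that reads ASA running-config text and reports which PPP authentication protocols each tunnel-group ppp-attributes block explicitly enables or disables, flagging PAP. The sample config, the group name L2TP-USERS and the server-group name AD_KERBEROS are constructed; it assumes `show running-config` output with sub-commands indented by a space and does not model the platform defaults for protocols a block never mentions.

```python
import re

# Constructed sample (not from the thread): one group left on PAP,
# one following the ms-chap-v2 lines suggested in the reply above.
SAMPLE_CONFIG = """\
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group AD_KERBEROS
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 no authentication chap
tunnel-group L2TP-USERS ppp-attributes
 no authentication chap
 authentication ms-chap-v2
"""

HEADER = re.compile(r"^tunnel-group\s+(\S+)\s+ppp-attributes\s*$")
AUTH = re.compile(r"^\s+(no\s+)?authentication\s+(\S+)\s*$")
CLEARTEXT = {"pap"}  # PAP carries the password itself inside the PPP session


def ppp_auth_by_group(config_text):
    """Return {group: {"enabled": set, "disabled": set}} from explicit lines."""
    groups, current = {}, None
    for line in config_text.splitlines():
        header = HEADER.match(line)
        if header:
            current = groups.setdefault(
                header.group(1), {"enabled": set(), "disabled": set()})
            continue
        if not line.startswith(" "):
            current = None  # any other top-level command closes the block
            continue
        auth = AUTH.match(line)
        if current is not None and auth:
            key = "disabled" if auth.group(1) else "enabled"
            current[key].add(auth.group(2).lower())
    return groups


def cleartext_groups(config_text):
    """Names of tunnel groups whose ppp-attributes explicitly enable PAP."""
    return sorted(name for name, auth in ppp_auth_by_group(config_text).items()
                  if auth["enabled"] & CLEARTEXT)


if __name__ == "__main__":
    for name, auth in ppp_auth_by_group(SAMPLE_CONFIG).items():
        flag = "CLEARTEXT PAP" if auth["enabled"] & CLEARTEXT else "ok"
        print(f"{name}: on={sorted(auth['enabled'])} off={sorted(auth['disabled'])} [{flag}]")
```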


 
 
 
 
 
willsmith1701@yahoo.com
      04-19-2007
Martin,

Thanks for the reply, but I'm using the integrated Windows L2TP client
with Kerberos authentication, not the Cisco client with RADIUS
authentication, so I don't think the link you referred me to applies
to my situation.



On Apr 18, 2:55 am, martin.rub...@gmail.com wrote:
> Hi,
>
> this is what worked for me,
>
> tunnel-group DefaultRAGroup general-attributes
> password-management
>
> tunnel-group DefaultRAGroup ppp-attributes
> no authentication chap
> authentication ms-chap-v2
>
> This way you'll enable password change through VPN client. You can
> find more info here http://tinyurl.com/39g646
>
> Regards
>
> Martin
>
> willsmith1...@yahoo.com wrote:
>
> > Is anyone using L2TP for remote access connections to an ASA 5510? If
> > so, what PPP authentication protocol are you using?
> >
> > Cisco TAC assisted in configuring the L2TP remote access on the ASA,
> > and configured it with PAP saying that was the only protocol that
> > would work because the authentication server we are using is Kerberos
> > (the server is a Windows Active Directory domain controller). I'm wary
> > of using a protocol that sends the password in clear text. Can this be
> > right? Shouldn't I be able to use CHAP v1 or 2?
> >
> > The fos version on the ASA is 7.2(1). We're using the CLI for
> > configuration.
> >
> > Any specific suggestions as to how this might be set up with a more
> > secure authentication protocol would be appreciated.



 