L2TP ppp authentication protocol for ASA 5510

Discussion in 'Cisco' started by willsmith1701@yahoo.com, Apr 17, 2007.

  1. Guest

    Is anyone using L2TP for remote access connections to an ASA 5510? If
    so, what PPP authentication protocol are you using?

    Cisco TAC assisted in configuring the L2TP remote access on the ASA,
    and configured it with PAP saying that was the only protocol that
    would work because the authentication server we are using is Kerberos
    (the server is a Windows Active Directory domain controller). I'm wary
    of using a protocol that sends the password in clear text. Can this be
    right? Shouldn't I be able to use CHAP v1 or 2?

    The fos version on the ASA is 7.2(1). We're using the CLI for
    configuration.


    Any specific suggestions as to how this might be set up with a more
    secure authentication protocol would be appreciated.
     
    , Apr 17, 2007
    #1

  2. Guest

    Hi,

    This is what worked for me:

    tunnel-group DefaultRAGroup general-attributes
    password-management

    tunnel-group DefaultRAGroup ppp-attributes
    no authentication chap
    authentication ms-chap-v2

    This way you'll enable password change through the VPN client. You can
    find more info here: http://tinyurl.com/39g646

    Regards

    Martin

    wrote:
    > Is anyone using L2TP for remote access connections to an ASA 5510? If
    > so, what PPP authentication protocol are you using?
    >
    > Cisco TAC assisted in configuring the L2TP remote access on the ASA,
    > and configured it with PAP saying that was the only protocol that
    > would work because the authentication server we are using is Kerberos
    > (the server is a Windows Active Directory domain controller). I'm wary
    > of using a protocol that sends the password in clear text. Can this be
    > right? Shouldn't I be able to use Chap v1 or 2?
    >
    > The fos version on the asa is 7.2(1). We're using the cli for
    > configuration.
    >
    >
    > Any specific suggestions as to how this might be set up with a more
    > secure authentication protocol would be appreciated.
     
    , Apr 18, 2007
    #2

  3. Guest

    Martin,

    Thanks for the reply, but I'm using the integrated Windows L2TP client
    with Kerberos authentication, not the Cisco client with RADIUS
    authentication, so I don't think the link you referred me to applies
    to my situation.



    On Apr 18, 2:55 am, wrote:
    > Hi,
    >
    > this is what worked for me,
    >
    > tunnel-group DefaultRAGroup general-attributes
    > password-management
    >
    > tunnel-group DefaultRAGroup ppp-attributes
    > no authentication chap
    > authentication ms-chap-v2
    >
    > This way you'll enable password change through the VPN client. You can
    > find more info here: http://tinyurl.com/39g646
    >
    > Regards
    >
    > Martin
    >
    > wrote:
    >
    > > Is anyone using L2TP for remote access connections to an ASA 5510? If
    > > so, what PPP authentication protocol are you using?

    >
    > > Cisco TAC assisted in configuring the L2TP remote access on the ASA,
    > > and configured it with PAP saying that was the only protocol that
    > > would work because the authentication server we are using is Kerberos
    > > (the server is a Windows Active Directory domain controller). I'm wary
    > > of using a protocol that sends the password in clear text. Can this be
    > > right? Shouldn't I be able to use Chap v1 or 2?

    >
    > > The fos version on the asa is 7.2(1). We're using the cli for
    > > configuration.

    >
    > > Any specific suggestions as to how this might be set up with a more
    > > secure authentication protocol would be appreciated.
     
    , Apr 19, 2007
    #3
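
The difference the original poster asks about, shown at the packet level as an added example (not code from the thread or from Cisco): PAP per RFC 1334 carries the password unmodified, while CHAP with MD5 per RFC 1994 sends only a per-challenge digest, so a backend that needs the password itself can be fed from PAP but not from a CHAP response. The user name, password and challenges are constructed values; MS-CHAPv2 from the reply above uses a different response calculation and is not modelled.

```python
import hashlib
import hmac
import struct


def pap_request(ident, peer_id, password):
    """PAP Authenticate-Request (RFC 1334): Code=1, Id, Length, then
    length-prefixed Peer-ID and Password. The password is not transformed."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data


def pap_parse(packet):
    """What the authenticator, or anyone able to read the PPP frame, obtains."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length != len(packet):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    id_len = packet[4]
    peer_id = packet[5:5 + id_len]
    pw_len = packet[5 + id_len]
    password = packet[6 + id_len:6 + id_len + pw_len]
    return peer_id, password


def chap_value(ident, secret, challenge):
    """CHAP with MD5 (RFC 1994): Response Value = MD5(Id || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident, secret, challenge, value):
    """The authenticator must hold the secret itself to recompute the value;
    the response alone cannot be handed to another backend as a password."""
    return hmac.compare_digest(chap_value(ident, secret, challenge), value)


# Constructed sample values, not taken from the thread.
USER, PASSWORD = b"alice", b"Example-Passw0rd"
CHALLENGE_1 = bytes(range(16))
CHALLENGE_2 = bytes(range(16, 32))

if __name__ == "__main__":
    pkt = pap_request(1, USER, PASSWORD)
    print("PAP on the wire :", pkt.hex())
    print("PAP recovered   :", pap_parse(pkt))
    print("CHAP response 1 :", chap_value(1, PASSWORD, CHALLENGE_1).hex())
    print("CHAP response 2 :", chap_value(1, PASSWORD, CHALLENGE_2).hex())
```

On an ASA, L2TP is carried over IPsec, so the PAP frame is encrypted in transit between client and ASA; the plaintext password is still available to the ASA itself.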