cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1141
Views
0
Helpful
2
Replies
Highlighted
Beginner

AAA for VPN - Kerberos, LDAP or NT Domain?

All,

After a little feedback on what you guys think is the better authentication method for AAA for VPN clients when authenticating against a Windows domain for remote access?

I've always used "NT Domain" as it seemed to roughly correspond to the NT Auth I was used to using on the old Concentrators. However I've (finally) decided to have a look at the Kerberos and LDAP since they must have been added for a reason...

As far as I can tell LDAP adds the option to search AD a little more finely (Base DN) but that's about it. Am I missing something? Is there more of a reason to use LDAP or Kerberos over NT Domain for auth?

What's more reliable? What are you guys using?

Cheers!

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Advocate

Either one is reliable, you get the option to map users in different group-policies or apply different DAP policy based on their Group Membership. If you are after basic authentication then your method is still the best way to go.

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

2 REPLIES 2
Highlighted
Advocate

Either one is reliable, you get the option to map users in different group-policies or apply different DAP policy based on their Group Membership. If you are after basic authentication then your method is still the best way to go.

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

Highlighted

Many thanks!

Content for Community-Ad