Solved: Any way to see authentication protocol used?

divitchev@hainc.com · ‎11-29-2017

We're using radius, asa 9.6.x and windows 2012 nps. Our client is asking if there is any way to prove what authentication protocol is being used for anyconnect clients. I understand that PAP is being used by default and MSCHAPV2 is default when password management and or mschapv2-capable is used.

I did radius debug on the asa but it doesn't show what authentication protocol is used. Client checked NPS logs but they don't show protocol either.

Arne Bier · ‎11-29-2017

Unless there is another smart way, you can run wireshark on the NPS server and see what comes in. Filter on radius packets and then drill down the authentication requests and check.

View solution in original post

Arne Bier · ‎11-29-2017

Unless there is another smart way, you can run wireshark on the NPS server and see what comes in. Filter on radius packets and then drill down the authentication requests and check.

Francesco Molino · ‎11-29-2017

Hi

You can see it on windows nps. I don't have any ASA vpn authentication through nps but have some wired users and here a sample output:

Authentication Details:
Connection Request Policy Name:
Use Windows authentication for all users
Network Policy Name:
lab wired nps
Authentication Provider:
Windows
Authentication Server:
xxxxx.xxxxx.xxxxx
Authentication Type:
MS-CHAPv2
EAP Type: -
Account Session Identifier:

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

divitchev@hainc.com · ‎11-30-2017

Here's what I got from our client:
"Authentication Type in the NPS logs is just “Extension” which is referring to my Azure MFA NPS Extension"
We were able to get protocol via wireshark though. Thank you.

Francesco Molino · ‎11-30-2017

You're welcome
With wireshark it's sure you have.
But with NPS you should have it as well.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question