10-05-2009 11:41 PM
Someone know if the rfc4556 is implemented in cisco vpn client (http://www.faqs.org/rfcs/rfc4556.html)
10-06-2009 06:02 AM
The ASA supports kerberos authentication, which the VPN client authenticates against. VPN client does support Certificate authentication.
PS. If you found this response helpful, please rate it.
10-06-2009 06:46 AM
if my knowledge of Kerberos are correct,is the VPN client that has to do authenticacion against the KDC. Acording the documentation is posible with login/password but not indicate if is posible with Certificates. Kerberos certificate authentication uses "special" method that is explained in rfc4556.
10-06-2009 06:55 AM
The VPN client will get an Auth Request from the ASA, which is what will talk do Kerberos authentication on behalf of the client. The VPN client itself doesn't have the ability to do that as it does not communicate directly with the Kerberos server.
10-08-2009 06:27 AM
Sorry, but i don't understand. How do ASA to use private key (in the client) to negotiate with KDC ?
Please, can you explain me who adquire the TGT and how ?
10-08-2009 10:20 AM
You can't have the client do that. Only the ASA.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide