
Cisco VPN client and Kerberos

commarmi001
Level 1

Does anyone know if RFC 4556 is implemented in the Cisco VPN client (http://www.faqs.org/rfcs/rfc4556.html)?

5 Replies

auraza
Cisco Employee

The ASA supports Kerberos authentication, which the VPN client authenticates against. The VPN client does support certificate authentication.

PS. If you found this response helpful, please rate it.

If my knowledge of Kerberos is correct, it is the VPN client that has to authenticate against the KDC. According to the documentation, this is possible with login/password, but it does not indicate whether it is possible with certificates. Kerberos certificate authentication uses a "special" method that is explained in RFC 4556.

The VPN client will get an Auth Request from the ASA, which is what will do Kerberos authentication on behalf of the client. The VPN client itself doesn't have the ability to do that as it does not communicate directly with the Kerberos server.

Sorry, but I don't understand. How does the ASA use the private key (on the client) to negotiate with the KDC?

Please, can you explain to me who acquires the TGT and how?

You can't have the client do that. Only the ASA.
