Re: What exactly does "if-needed" do in the aaa authentication c
"if-needed" generally used for authentication scheme..Let's say you want authentiction for PPP services and if user is authenticated for any other services (like EXEC or so) earlier (before starting PPP), with that keyword authentication will not be "needed" during PPP..
aaa authentication ppp default if-needed group radius local
PPP authentication (for the list default) uses methods radius then local.
The if-needed keyword automatically permits ppp for users that have
successfully authenticated using exec mode. If the EXEC facility has
authenticated the user, RADIUS authentication for PPP is not performed.
This is necessary for clients that use terminal window after dial.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...