Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco VPN client and kerberos

Someone know if the rfc4556 is implemented in cisco vpn client (http://www.faqs.org/rfcs/rfc4556.html)

5 REPLIES
Cisco Employee

Re: Cisco VPN client and kerberos

The ASA supports kerberos authentication, which the VPN client authenticates against. VPN client does support Certificate authentication.

PS. If you found this response helpful, please rate it.

New Member

Re: Cisco VPN client and kerberos

if my knowledge of Kerberos are correct,is the VPN client that has to do authenticacion against the KDC. Acording the documentation is posible with login/password but not indicate if is posible with Certificates. Kerberos certificate authentication uses "special" method that is explained in rfc4556.

Cisco Employee

Re: Cisco VPN client and kerberos

The VPN client will get an Auth Request from the ASA, which is what will talk do Kerberos authentication on behalf of the client. The VPN client itself doesn't have the ability to do that as it does not communicate directly with the Kerberos server.

New Member

Re: Cisco VPN client and kerberos

Sorry, but i don't understand. How do ASA to use private key (in the client) to negotiate with KDC ?

Please, can you explain me who adquire the TGT and how ?

Cisco Employee

Re: Cisco VPN client and kerberos

You can't have the client do that. Only the ASA.

196
Views
0
Helpful
5
Replies
CreatePlease login to create content