L2TP PPP authentication protocol for ASA 5510

Is anyone using L2TP for remote access connections to an ASA 5510? If so, what PPP authentication protocol are you using?

Cisco TAC assisted in configuring the L2TP remote access on the ASA, and configured it with PAP, saying that was the only protocol that would work because the authentication server we are using is Kerberos (the server is a Windows Active Directory domain controller). I'm wary of using a protocol that sends the password in clear text. Can this be right? Shouldn't I be able to use CHAP v1 or 2?

The FOS version on the ASA is 7.2(1). We're using the CLI for configuration.

Any specific suggestions as to how this might be set up with a more secure authentication protocol would be appreciated.



This is what worked for me:

tunnel-group DefaultRAGroup general-attributes
 password-management

tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 authentication ms-chap-v2

This way you'll enable password change through the VPN client. You can find more info here

formatting link
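To see which PPP authentication methods a saved ASA configuration turns on or off per tunnel group, the following added example (not code from any poster in this thread) parses `tunnel-group <name> ppp-attributes` sections and flags groups that explicitly enable PAP. The `LegacyL2TP` group and the sample text are constructed, and the script only reports lines that are explicitly present in the text it is given, so methods left at their defaults do not appear.

```python
import re

# Constructed sample configuration (not from the thread's device): one group
# uses the settings posted above, the other explicitly enables PAP.
SAMPLE_CONFIG = """\
tunnel-group DefaultRAGroup general-attributes
 password-management
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 authentication ms-chap-v2
tunnel-group LegacyL2TP ppp-attributes
 authentication pap
 no authentication ms-chap-v1
"""

CLEARTEXT = {"pap"}  # PAP carries the password itself in the PPP exchange
HEADER = re.compile(r"^tunnel-group\s+(\S+)\s+ppp-attributes\s*$")
AUTH = re.compile(r"^\s+(no\s+)?authentication\s+(\S+)\s*$")


def parse_ppp_auth(config_text):
    """Return {group: {protocol: True/False}} for explicitly configured lines."""
    groups, current = {}, None
    for line in config_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Any unindented line starts a new top-level command or section.
            m = HEADER.match(line)
            current = groups.setdefault(m.group(1), {}) if m else None
            continue
        m = AUTH.match(line)
        if m and current is not None:
            current[m.group(2).lower()] = m.group(1) is None
    return groups


def cleartext_groups(config_text):
    """Names of tunnel groups where a cleartext PPP method is explicitly enabled."""
    return sorted(
        name for name, protos in parse_ppp_auth(config_text).items()
        if any(protos.get(p) for p in CLEARTEXT)
    )


if __name__ == "__main__":
    for group, protos in parse_ppp_auth(SAMPLE_CONFIG).items():
        print(group, protos)
    print("cleartext PPP auth enabled in:", cleartext_groups(SAMPLE_CONFIG))
```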




Thanks for the reply, but I'm using the integrated Windows L2TP client with Kerberos authentication, not the Cisco client with RADIUS authentication, so I don't think the link you referred me to applies to my situation.
