Lab Minutes Forum

Technical Discussion => Security => Topic started by: islamm on October 18, 2014, 02:51:57 AM

Title: ASA VPN - radius vs ldap (AA) AAA
Post by: islamm on October 18, 2014, 02:51:57 AM
Hi Experts,

Trying to understand why one would use a RADIUS server (ACS) for VPN authentication (seems to be the popular method) rather than LDAP (AD) for authentication, authorization and accounting purposes. Any tips are greatly appreciated.

Thanks in advance.


Mo

Title: Re: ASA VPN - radius vs ldap (AA) AAA
Post by: MC on October 19, 2014, 10:01:14 PM
It depends on what you are trying to accomplish. Both protocols work fine if all you are doing is basic user authentication and attribute mapping. RADIUS is a more popular option probably because it has been around longer and it has more vendor-specific attributes available. Another reason would be support for one-time token servers. If you already have either ACS or ISE, I would suggest you use that, but if not, you can use LDAP.