VPN Authentication confusion

burano

Hi,

If you were to use L2TP/IPsec as the VPN protocol, I have read you need to
use both computer and user certs. But I thought you only needed to use a
user cert if you're using EAP/TLS as the authentication protocol. Can anyone
set me straight on this one?

Secondly, if I use EAP/TLS and a user cert, do I also need Windows or RADIUS
authentication? I wish to use IAS with the AD database for user
authentication, but then where does the user cert come into play? Bit
confused about this.

Thanks
 
Steven Umbach

With normal user authentication such as MS-CHAPv2 you can use L2TP with just
machine certificates on both the server and client. You can use a user
certificate/smart card if you select and configure EAP. You don't have to use
IAS in order to use EAP. IAS just centralizes remote access policies and
authentication. For instance, if you have ten remote access servers, instead of
configuring remote access policies and authentication on all of them, configure
them to be IAS clients in server properties/security/authentication provider and
then configure the IAS server. Once you configure for RADIUS authentication you
will see the remote access policies folder disappear. --- Steve
 
rav

Thanks
Steven Umbach said:
With normal user authentication such as MS-CHAPv2 you can use L2TP with just
machine certificates on both the server and client. You can use a user
certificate/smart card if you select and configure EAP. You don't have to use
IAS in order to use EAP. IAS just centralizes remote access policies and
authentication. For instance, if you have ten remote access servers, instead of
configuring remote access policies and authentication on all of them, configure
them to be IAS clients in server properties/security/authentication provider and
then configure the IAS server. Once you configure for RADIUS authentication you
will see the remote access policies folder disappear. --- Steve
 
