ESA Authentication Methods and PPP Compatibility

The VPN server must be configured to allow all protocols a clients might want to use. End-user VPN clients only need to be configured for a single protocol.

Whenever more than one protocol is supported, VPN clients should be configured to use MS-CHAPv2 with 128-bit MPPE. This means that PAP is only recommended for Compound Authentication.

Authentication Method

PAP

MS-CHAPv2

SMS-Based OTPs

Supported

Supported

On-demand SMS-Based OTPs

Supported

Supported

Mobile-Application (OTP or Push)

Supported

Supported

Mobile Application (Compound Authentication)

Supported

Not supported

Hard Token OTPs

Supported

Supported

Hard Token (Compound Authentication)

Supported

Not supported

Active Directory passwords without OTPs

Supported

Supported