ESA Authentication Methods and PPP Compatibility
The VPN server must be configured to allow all protocols clients might want to use. End-user VPN clients only need to be configured for a single protocol.
Whenever more than one protocol is supported, VPN clients should be configured to use MS-CHAPv2 with 128-bit MPPE. This means that PAP is only recommended for Compound Authentication.
Authentication Method |
PAP |
MS-CHAPv2 |
|---|---|---|
SMS-Based OTPs |
Supported |
Supported |
On-demand SMS-Based OTPs |
Supported |
Supported |
Mobile-Application (OTP or Push) |
Supported |
Supported |
Mobile Application (Compound Authentication) |
Supported |
Not supported |
Hard Token OTPs |
Supported |
Supported |
Hard Token (Compound Authentication) |
Supported |
Not supported |
Active Directory passwords without OTPs |
Supported |
Supported |