Cisco Cisco ASA 5520 Adaptive Security Appliance 技术手册
Packet Level
The EAP identity request is encapsulated in "Extensible Authentication" of the IKE_AUTH send by the ASA.
Along with the identity request, IKE_ID and certificates are sent.
Along with the identity request, IKE_ID and certificates are sent.
All subsequent EAP packets are encapsulated in IKE_AUTH. After the supplicant confirms the method
(EAP−PEAP), it starts to build an Secure Sockets Layer (SSL) tunnel which protects the MSCHAPv2 session
used for authentication.
(EAP−PEAP), it starts to build an Secure Sockets Layer (SSL) tunnel which protects the MSCHAPv2 session
used for authentication.
After multiple packets are exchanged the ISE confirms success.