So there is really NO viable replacement of DA to this day?

Copper Contributor

Hi everyone,

As we all know, DA was an SSL always ON VPN based on computer object, NOT user authentication. That meant the laptop would establish DA tunnel way before any user attempts to login. Perfect, solved the cached credentials nightmare for years.


Azure VPN claims to replace DA, only I find that to be a fallacy. Sure, PKI-based Azure VPN works just fine.  However it is NOT an SSL VPN, it is ikev2 (UDP 500 and 4500 often blocked by ISPs). It isn't possible to setup an SSTP tunnel based on PKI auth. It must be user auth.


The only SSL VPN with Azure is the user authentication based one, NOT certificate which means we do not have a true DA replacement today?

How could that be? Tell me I am missing something please?




0 Replies