I would like some feedback on whether this would work.
Call agents at home with Cisco 871 router. Agent's workstation uses VPN client to auth to 871 router that passes credentials back to a concentrator that in turn confirms ID/pass with RSA server.
Also, the 871 routers are preset with preshared keys to establish a tunnel between the 871 and concentrator only. To get the agent online they use VPN client to auth to the 871 as described above. The idea is to have only one VPN tunnel between agent and corporate. After agent auths local to 871, they can get access to corporate. There is a VoIP phone used, so all VoIP and data are only connected after 2-factor auth through local VPN client.
Make sense, or see problems?