Please Help! Microsoft VPN Vs Cisco VPN Client

Answered Question
Jul 16th, 2008

Could somebody please advise if the Cisco VPN Client is more secure than the Built-in microsoft VPN on windows XP? If the Cisco client is more secure than why? Does the Microsoft one not use IPSEC and just PPTP?

Please advise - Very urgent!

I'm sure a Cisco VPN Concentrator with Cisco Client is more secure but I not sure exactly why.

I have this problem too.
0 votes
Correct Answer by JORGE RODRIGUEZ about 5 years 9 months ago

Carlton,

One have to take a deeper look at both, all your questions will be answered after you look at these links.

Ipsec is an opened standard, Cisco VPN client or any VPN client that is Ipsec based must meet these standards. You will learn more by reading these few links bellow, by the end of the reading you will be have a better

perspective as to which client you would be more gear towards using as a network professional.

Personally I have been moving away from PPTP gradually and replacing it with Cisco VPN clients. Don't get me wrong, PPTP is still widely used out there but it is more vulnerable.

With Ipsec based VPN you have a more wide selection of authentication algorythms,

encryptions granularity as a way to implement an extreamely secure VPN architecture for RA.

Introduction to IPsec

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml

introduction to PPTP/L2TP

http://www.clavister.com/manuals/ver8.6x/manual/vpn/pptp_basics.htm

Analysis of MS PPTP implemetation and vulnerabilities

http://www.schneier.com/paper-pptp.html

http://www.schneier.com/paper-pptp.pdf

Other workarounds for using MS client using L2TP over Ipsec

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807213a7.shtml

Also, you may do a google search on " hacking PPTP " or " Ipsec" to get a more insight of vulnerabilities.

Rgds

Jorge

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 3.5 (2 ratings)
ccannon88567 Wed, 07/16/2008 - 05:04

a.alekseev - Are you trying to say Cisco VPN is better because ut uses DES on the data payload?

Does the MS VPN not encrypt the data payload at all?

Do they both use IPSEC for end to end privacy?

ps - Is tripple DES actually AES?

Would greatly appreciate answers!

ccannon88567 Wed, 07/16/2008 - 05:04

a.alekseev - Are you trying to say Cisco VPN is better because ut uses DES on the data payload?

Does the MS VPN not encrypt the data payload at all?

Do they both use IPSEC for end to end privacy?

ps - Is tripple DES actually AES?

Would greatly appreciate answers!

Correct Answer
JORGE RODRIGUEZ Wed, 07/16/2008 - 08:12

Carlton,

One have to take a deeper look at both, all your questions will be answered after you look at these links.

Ipsec is an opened standard, Cisco VPN client or any VPN client that is Ipsec based must meet these standards. You will learn more by reading these few links bellow, by the end of the reading you will be have a better

perspective as to which client you would be more gear towards using as a network professional.

Personally I have been moving away from PPTP gradually and replacing it with Cisco VPN clients. Don't get me wrong, PPTP is still widely used out there but it is more vulnerable.

With Ipsec based VPN you have a more wide selection of authentication algorythms,

encryptions granularity as a way to implement an extreamely secure VPN architecture for RA.

Introduction to IPsec

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml

introduction to PPTP/L2TP

http://www.clavister.com/manuals/ver8.6x/manual/vpn/pptp_basics.htm

Analysis of MS PPTP implemetation and vulnerabilities

http://www.schneier.com/paper-pptp.html

http://www.schneier.com/paper-pptp.pdf

Other workarounds for using MS client using L2TP over Ipsec

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807213a7.shtml

Also, you may do a google search on " hacking PPTP " or " Ipsec" to get a more insight of vulnerabilities.

Rgds

Jorge

ccannon88567 Wed, 07/16/2008 - 09:14

Jorge,

Thanks for taking the time to locate and put together all this information for me. Exactly the sort of reply I was looking for - couldn't have been better!

Carlton

JORGE RODRIGUEZ Wed, 07/16/2008 - 10:30

Carlton,

You are very welcome, it is a pleasure to help, as a network professionals we are all on the same path and it is good to revisit these links and read them all from time to time.

Thank you for the rating.

Rgds

Jorge

VASHKAR CHATTERJEE Sat, 07/19/2008 - 09:05

If you want to user Miicrosoft VPN client with a Cisco device, you have to configure "vpdn" on the Cisco device to activate the PPTP

once done you connect to the cisco device using Microsoft VPN.

You can use Microsoft routing and remote access service on the Cisco device end to authenticate the users using the Active Directory. The RAS can be configured as RADIUS server and Cisco will get the authentication and authorization form the RAS of Microsoft. you can also configure local authentication for vpdn

Actions

Login or Register to take actions

This Discussion

Posted July 16, 2008 at 4:44 AM
Stats:
Replies:7 Avg. Rating:3.5
Views:608 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard