AutoReconnect VPN

Oct 10th, 2008

We are using the Cisco VPN client to connect police vehicles to internal systems over a broadband connection. The officers use an RSA token to authenticate and initiate the tunnel at the beginning of their shift. After logging on, the vehicle is parked in a garage at the station. When the officer receives an emergency dispatch, the tunnel has timed out and the officer needs to log back in. Can the VPN client be configured to automatically re-establish the tunnel without requiring officer intervention?


No - as I am sure you are aware, the RSA token key is time sensitive; as such, no key (4-digit PIN and the output of the token) is the same for any 60-second period.


That is the benefit of a token-based 2-factor authentication method: something you have and something you know.


HTH

wwkruer716 Fri, 10/10/2008 - 07:08

Is there another VPN client that will work with the CISCO 515 or an ASA that would automatically reconnect?


I understand the security aspect but I also need to consider the safety of the officer.

No - the issue is not with the software or the platform you are using for access, it's the method of authentication.


You are using a system that requires user input, with methods that cannot be automated.


Move from 2-factor (something you know, something you have) secure authentication to username and password; this will solve your issue.


But then if the car is stolen... the access to your internal network is insecure... and I would expect that an authorised user may have unlimited access... your internal network is wide open to anyone.


HTH



wwkruer716 Fri, 10/10/2008 - 07:21

Is there a way to change the timeout value of the tunnel? So if the car is not communicating on the network for some period of time (1 hour?) the tunnel would not need to be re-established?


Thanks for your help.

Of course - but then do you really want a device connected to your internal network, securely... unattended with no limits - surely not.


To be honest - all you have to say to the officers: you are the police of the network... surely they understand the need for secure communications?

wwkruer716 Fri, 10/10/2008 - 08:26

I wish it was that simple. What would be the parameters that would need to be configured to allow a longer timeout on the tunnel?
