AutoReconnect VPN

wwkruer716
Level 1

We are using the Cisco VPN client to connect police vehicles to internal systems over a broadband connection. The officers use an RSA token to authenticate and initiate the tunnel at the beginning of their shift. After logging on, the vehicle is parked in a garage at the station. When the officer receives an emergency dispatch, the tunnel has timed out and the officer needs to log back in. Can the VPN client be configured to automatically re-establish the tunnel without requiring officer intervention?

7 Replies

andrew.prince
Level 10

No - as I am sure you are aware, the RSA token key is time-sensitive; as such, no key (4-digit PIN and the output of the token) is the same for any 60-second period.

That is the benefit of a token based 2 factor authentication method, something you have and something you know.

HTH.

Is there another VPN client that will work with the CISCO 515 or an ASA that would automatically reconnect?

I understand the security aspect but I also need to consider the safety of the officer.

No - the issue is not with the software or the platform you are using for access, it's the method of authentication.

You are using a system that requires user input, with methods that cannot be automated.

Move from 2-factor (something you know, something you have) secure authentication to username and password; this will solve your issue.

But then if the car is stolen... the access to your internal network is insecure... and I would expect that an authorised user may have unlimited access... your internal network is wide open to anyone.

HTH.

Is there a way to change the timeout value of the tunnel? So if the car is not communicating on the network for some period of time (1 hour?) the tunnel would not need to be re-established?

Thanks for your help.

Of course - but then do you really want a device connected to your internal network, securely... unattended with no limits - surely not.

To be honest - all you have to say to the officers, you are the police of the network....surely they understand the need for secure communications???

I wish it was that simple. What would the parameters be that would need to be configured to allow a longer timeout on the tunnel?

Again - honestly, you are not fixing the problem, you are making it worse.

In answer to your question, in your vpn profile config:-

vpn-session-timeout <>
