I have been asked to evaluate options to add a second factor to authentication for our existing VPN infrastructure (two VPN 3000 concentrators in an active/standby pair).
What's the most popular thing for this? Is it RSA SecureID tokens and the AM server? I think I looked into that many years ago, but it was a little too expensive for the place I was working at. Are there cheaper but still popular options, or are they not worth looking at?
If we go with hardware tokens, we'll definitely need a server of some kind, correct? The 3000 concentrator can't handle that internally? That's the impression I get, but want to make sure.
Are smart cards used much for this? I have a little bit of experience (very little) with hardware tokens, but haven't used smart cards for authenticatin.