
Hightech Security Solutions

jsteffensen
Level 1

I have been implementing some VPN solutions based on PIX 515 in HQ and VPN Client (IPSec) on remote laptops.

Since the VPN Client does not run on Win2000, I used PPTP (also Terminated on the Pix) with User-authentication done via ACS 2.5.

Unfortunately, it's not good enough.... (Security speaking)

What I would like to set up is:

- Pix (if possible) as VPN Terminator in HQ.

- Clients using Win98/Win2000 connecting through VPN.

- User Authentication ++ is done with X.509 Certificate and/or Onetime Passwords (Like SecureCard from RSA) in addition to Username and Password (As by Win2000 PPTP)

- User Accounting must be done in HQ.

As I said: The Pix is already here, ACS is here, VPN software for Win98 & 2000 is here (Based on different protocols).

Does anyone have any idea of setting up authentication using username & Password with Certificates? Does IPSec support this?

Does anyone have any idea of setting up authenticating using one-time-password systems?

Best regards

Jarle


ccs
Level 1

Hi Jarle,

We use ACE Server from RSA Security in combination with CS ACS 2.4. We use SecurID hardware tokens. The AAA mechanism is primarily handled by ACS which sends the request through to ACE Server to verify the token-code. We are using this for quite some time now and this works well. As an example: when a user logs in to the system he/she gets a prompt for user/password. When using a token you fill in the user and the password is a combination of a PIN-code and the code displayed on the token. It is very user friendly.

I have no experience with IPSEC, Certificates and VPN but are in the process of investigating that right now.

Regards and success,

Erik

What kind of client-software are you using?

Sounds like THE solution for us.

Regards

Jarle

s-kawar
Level 1

Recommended solution is to introduce a PKI certification protocol & TACACS++ security access control.

jomccloud
Level 1

Absolutely you can use certificates with the Windows 2000 native IPSec/PPTP client. In fact, the Windows 2000 client only supports certificate authentication (i.e. no pre-shared keys). Kind of a bummer.

Here's a link with documentation for configuring the PIX for certificate support - (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/ipsec/configca.htm)

mharitakis
Level 1

I was wondering: do you use PPTP with MPPE and ACS 2.5, and do you use the TACACS+ protocol?
