We are setting up a new VPN using an ASA5500 that sends authentication requests to an ACS that in turn forwards the authentication to an RSA SecurID server. When using the MS L2TP client the only way to get it to work is by using PAP. How secure is this? Is the authentication encapsulated in IPSEC? Since we are using SecurID tokens, if the username and password are sent in cleartext, is there a real problem if someone does intercept it?
Using PAP with L2TP/IPSEC does *NOT* send your password in clear text over the network (or internet) because the PAP is encapsulated within the IPSEC tunnel. You can prove this by running a network packet trace with Wireshark etc. and seeing that the password isn't in "clear text" (I am going to assume you are using 3DES or AES).
There are "more secure" methods. First came PAP, then CHAP (which required passwords be in "reversibly encrypted format"; this is why Microsoft released the "more secure" MSCHAPv2). Today I would look at PEAP (Protected Extensible Authentication Protocol), PEAP-EAP-TLS smartcards; also look into IKEv2 "always on VPN" (Cisco created PEAPv1/EAP-GTC or EAP-FAST).
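The packet-trace check suggested in the answer above can be automated. This is an added example, not part of the original posts: it classifies raw IPv4 packets from the gateway's outside interface and flags any L2TP (UDP 1701) seen outside ESP, including a PAP Authenticate-Request, which would mean IPsec is not protecting the login. The standard ports and protocol numbers are assumed, and the sample packets are constructed.

```python
import struct

PPP_PAP = 0xC023  # PPP protocol number for PAP (RFC 1334)

def has_pap(l2tp: bytes) -> bool:
    """True if an unencrypted L2TP data message carries a PAP Authenticate-Request."""
    try:
        (flags,) = struct.unpack("!H", l2tp[:2])
        if flags & 0x8000:                      # T bit: control message, no PPP frame
            return False
        # flags + tunnel/session IDs, plus optional Length (L bit) and Ns/Nr (S bit)
        off = 6 + (2 if flags & 0x4000 else 0) + (4 if flags & 0x0800 else 0)
        if flags & 0x0200:                      # O bit: offset size, then padding
            off += 2 + struct.unpack("!H", l2tp[off:off + 2])[0]
    except struct.error:                        # truncated header
        return False
    ppp = l2tp[off:]
    if ppp[:2] == b"\xff\x03":                  # optional PPP address/control bytes
        ppp = ppp[2:]
    return len(ppp) >= 3 and int.from_bytes(ppp[:2], "big") == PPP_PAP and ppp[2] == 1

def classify(pkt: bytes) -> str:
    """Classify one raw IPv4 packet captured on the VPN gateway's outside interface."""
    if len(pkt) < 20:
        return "other"
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto == 50:
        return "esp"                            # IPsec ESP: payload is encrypted
    if proto != 17 or len(pkt) < ihl + 8:
        return "other"
    ports = set(struct.unpack("!HH", pkt[ihl:ihl + 4]))
    data = pkt[ihl + 8:]
    if 4500 in ports:                           # NAT-T: 4 zero bytes mark IKE, else ESP
        return "ike" if data[:4] == b"\x00" * 4 else "esp-nat-t"
    if 500 in ports:
        return "ike"
    if 1701 in ports:                           # L2TP outside IPsec: should never appear
        return "cleartext-l2tp-pap" if has_pap(data) else "cleartext-l2tp"
    return "other"

# Constructed sample packets (documentation addresses, checksums left at zero).
def ip4(proto: int, payload: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload
def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
PAP_REQ = b"\xff\x03\xc0\x23" + b"\x01\x01\x00\x10\x04user\x06123456"
SAMPLE_CLEAR = ip4(17, udp(1701, 1701, b"\x00\x02\x00\x01\x00\x01" + PAP_REQ))
SAMPLE_ESP = ip4(50, b"\x12\x34\x56\x78" + b"\x00\x00\x00\x01" + bytes(32))
SAMPLE_NATT = ip4(17, udp(4500, 4500, b"\x12\x34\x56\x78" + bytes(36)))
```

On a correctly configured L2TP/IPsec tunnel, every packet between client and gateway should classify as `ike`, `esp` or `esp-nat-t`; any `cleartext-l2tp*` result means the PPP authentication is travelling unprotected.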
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log in using the username and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...