using IPSec on a Cisco 2620 Dial in Access Server

gentian_hila · ‎02-06-2003

I have some users with Windows 2000 that dial in an access server Cisco 2620. But i see that some other people connect to my company network. I've changes several times the passwords of my clients but it seems that somehow they are stolen again. So i want to implement IPSec with a preshared key on Windows 2000 and Cisco access server. I use AAA method with Tacacs. I've configured Windows 2000 with a preshared key. I want to do it now on Cisco access server (i use a pool of dymanic IP addresses on RAS).

What should i do on the Access server

Any help or idea would be deeply appreciated.

Gentian

phaluska · ‎02-10-2003

Hi Gentian,

I don`t think IPSec is an appropriate solution for this problem. Try to find some stronger authentication solution than using static passwords, i.e. RSA SecurID or ActivCard, if you have Win-based network. Of course you can combine authentication and CiscoSecure ACS, look for docs at CCO.

lnjogu · ‎03-17-2003

I agree, using dynamic key authentication solutions would be the best way to go - RSA SecurID would be a go go!!

preston · ‎03-02-2003

I would seriously consider checking your NT Server for programs that are giving those passwords away. RA, VNC, etc.