Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
442
Views
0
Helpful
3
Replies

VPN client

g.leonard
Level 1
Level 1

‎02-27-2006 03:49 AM - edited ‎02-21-2020 02:16 PM

Where are the keys on the VPN Client stored? Do they need to be secured?

Labels:
0 Helpful
3 Replies 3

jmia
Level 7
Level 7

‎02-27-2006 06:01 AM

The VPN client password is stored locally on the users PC/laptop. You can view this by going to:

C:\Program Files\Cisco Systems\VPN Client\Profiles

You can open the .pcf file in notepad and you’ll see that the password is encrypted i.e.

GroupPwd= enc_GroupPwd=xxxxxxyyyyyzzzzz………

If you have a lot of VPN client users, then I would suggest that you use a local RADIUS server to authenticate the users when they connect, this is better for security.

Hope this helps

Jay

0 Helpful

g.leonard
Level 1
Level 1
In response to jmia

‎02-27-2006 07:10 AM

Thanks Jay. Is it safe here? Could it be cracked? What sort of encryption is used? Just worried if a remote access laptop was stolen etc

We use pre-shared keys for our device authentication and then user authentication via TACACS+ server as per Cisco docos for remote access VPNS.

0 Helpful

sid916207
Level 1
Level 1

‎02-27-2006 08:02 PM

Hi Jay,

I have site to site vpn enabled to ip 1.2.3.4

on the same subnet at far end there is a https site which is not opening.

I m able to open it bypassing pix but behind pix the site is not opening.

Please tell me what to do.

I'm pasting the access-list details.

access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 192.168.164.0 255.255.255.0

access-list inside_outbound_nat0_acl permit ip 88.1.3.0 255.255.255.0 10.0.0.0 255.0.0.0

access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 10.0.0.0 255.0.0.0

access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 192.168.9.0 255.255.255.0

access-list inside_outbound_nat0_acl deny ip 192.168.165.0 255.255.255.0 host 15.137.136.250

access-list inside_outbound_nat0_acl deny ip 192.168.165.0 255.255.255.0 host 15.137.146.166

access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 15.137.0.0 255.255.0.0

access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 host 192.168.1.3

access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 10.15.0.0 255.255.0.0

access-list outside_cryptomap_20 permit ip 89.1.3.0 255.255.255.0 10.0.0.0 255.0.0.0

access-list outside_cryptomap_20 permit ip 192.168.165.0 255.255.255.0 10.0.0.0 255.0.0.0

access-list outside_cryptomap_20 deny ip 202.41.233.0 255.255.255.0 host 15.137.136.250

access-list outside_cryptomap_20 deny ip 202.41.233.0 255.255.255.0 host 15.137.146.166

access-list outside_cryptomap_20 permit ip 192.168.165.0 255.255.255.0 15.137.0.0 255.255.0.0

access-list outside_cryptomap_40 permit ip 192.168.165.0 255.255.255.0 192.168.164.0 255.255.255.0

The site was before hosted on 15.137.146.166 and was accessable now it has moved to 15.137.146.78 and i tried to add this ip but no success.

Please help me .

Many thanks in advance.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents