Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN client

Where are the keys on the VPN Client stored? Do they need to be secured?

  • Other Security Subjects
3 REPLIES
Gold

Re: VPN client

The VPN client password is stored locally on the users PC/laptop. You can view this by going to:

C:\Program Files\Cisco Systems\VPN Client\Profiles

You can open the .pcf file in notepad and you’ll see that the password is encrypted i.e.

GroupPwd= enc_GroupPwd=xxxxxxyyyyyzzzzz………

If you have a lot of VPN client users, then I would suggest that you use a local RADIUS server to authenticate the users when they connect, this is better for security.

Hope this helps

Jay

New Member

Re: VPN client

Thanks Jay. Is it safe here? Could it be cracked? What sort of encryption is used? Just worried if a remote access laptop was stolen etc

We use pre-shared keys for our device authentication and then user authentication via TACACS+ server as per Cisco docos for remote access VPNS.

New Member

Re: VPN client

Hi Jay,

I have site to site vpn enabled to ip 1.2.3.4

on the same subnet at far end there is a https site which is not opening.

I m able to open it bypassing pix but behind pix the site is not opening.

Please tell me what to do.

I'm pasting the access-list details.

access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 192.168.164.0 255.255.255.0

access-list inside_outbound_nat0_acl permit ip 88.1.3.0 255.255.255.0 10.0.0.0 255.0.0.0

access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 10.0.0.0 255.0.0.0

access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 192.168.9.0 255.255.255.0

access-list inside_outbound_nat0_acl deny ip 192.168.165.0 255.255.255.0 host 15.137.136.250

access-list inside_outbound_nat0_acl deny ip 192.168.165.0 255.255.255.0 host 15.137.146.166

access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 15.137.0.0 255.255.0.0

access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 host 192.168.1.3

access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 10.15.0.0 255.255.0.0

access-list outside_cryptomap_20 permit ip 89.1.3.0 255.255.255.0 10.0.0.0 255.0.0.0

access-list outside_cryptomap_20 permit ip 192.168.165.0 255.255.255.0 10.0.0.0 255.0.0.0

access-list outside_cryptomap_20 deny ip 202.41.233.0 255.255.255.0 host 15.137.136.250

access-list outside_cryptomap_20 deny ip 202.41.233.0 255.255.255.0 host 15.137.146.166

access-list outside_cryptomap_20 permit ip 192.168.165.0 255.255.255.0 15.137.0.0 255.255.0.0

access-list outside_cryptomap_40 permit ip 192.168.165.0 255.255.255.0 192.168.164.0 255.255.255.0

The site was before hosted on 15.137.146.166 and was accessable now it has moved to 15.137.146.78 and i tried to add this ip but no success.

Please help me .

Many thanks in advance.

122
Views
0
Helpful
3
Replies