02-27-2006 03:49 AM - edited 02-21-2020 02:16 PM
Where are the keys on the VPN Client stored? Do they need to be secured?
02-27-2006 06:01 AM
The VPN client password is stored locally on the users PC/laptop. You can view this by going to:
C:\Program Files\Cisco Systems\VPN Client\Profiles
You can open the .pcf file in notepad and youll see that the password is encrypted i.e.
GroupPwd= enc_GroupPwd=xxxxxxyyyyyzzzzz
If you have a lot of VPN client users, then I would suggest that you use a local RADIUS server to authenticate the users when they connect, this is better for security.
Hope this helps
Jay
02-27-2006 07:10 AM
Thanks Jay. Is it safe here? Could it be cracked? What sort of encryption is used? Just worried if a remote access laptop was stolen etc
We use pre-shared keys for our device authentication and then user authentication via TACACS+ server as per Cisco docos for remote access VPNS.
02-27-2006 08:02 PM
Hi Jay,
I have site to site vpn enabled to ip 1.2.3.4
on the same subnet at far end there is a https site which is not opening.
I m able to open it bypassing pix but behind pix the site is not opening.
Please tell me what to do.
I'm pasting the access-list details.
access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 192.168.164.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 88.1.3.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 192.168.9.0 255.255.255.0
access-list inside_outbound_nat0_acl deny ip 192.168.165.0 255.255.255.0 host 15.137.136.250
access-list inside_outbound_nat0_acl deny ip 192.168.165.0 255.255.255.0 host 15.137.146.166
access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 15.137.0.0 255.255.0.0
access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 host 192.168.1.3
access-list inside_outbound_nat0_acl permit ip 192.168.165.0 255.255.255.0 10.15.0.0 255.255.0.0
access-list outside_cryptomap_20 permit ip 89.1.3.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list outside_cryptomap_20 permit ip 192.168.165.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list outside_cryptomap_20 deny ip 202.41.233.0 255.255.255.0 host 15.137.136.250
access-list outside_cryptomap_20 deny ip 202.41.233.0 255.255.255.0 host 15.137.146.166
access-list outside_cryptomap_20 permit ip 192.168.165.0 255.255.255.0 15.137.0.0 255.255.0.0
access-list outside_cryptomap_40 permit ip 192.168.165.0 255.255.255.0 192.168.164.0 255.255.255.0
The site was before hosted on 15.137.146.166 and was accessable now it has moved to 15.137.146.78 and i tried to add this ip but no success.
Please help me .
Many thanks in advance.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide