Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco SSL VPN - lose authentication layer when switching from IPSec?

Hi,

I currently manage a Cisco 3000 concentrator which terminates IPSec tunnels for our users. The users are authenticated with a group ID and password (they never know the group password), and then with their own user ID and password; so we have two layers of authentication.

I've started looking into SSL VPN's (on the same 3000), and from what I can see there is only one authentication layer - the user ID and password. If this is stolen the thief can gain whatever access the legitimate user has to the network. The thief doesn't even need to exert any effort to get the SSL client - it downloads for them automatically.

Am I missing a layer in the SSL option somewhere?

nick

2 REPLIES
Gold

Re: Cisco SSL VPN - lose authentication layer when switching fro

i guess that's the trade off for convenience. just like we use net banking these days. all you need is a username/account number and a password.

further, you may configure the webvpn authentication against digital certificate:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee1e4.html#wp1309633

New Member

Re: Cisco SSL VPN - lose authentication layer when switching fro

True enough; but why do I feel like a lamb being led to the slaughter? :-)

Thanks for the tip on the certs - I was hoping that some such option eisted; but I couldn't find it.

nick

120
Views
0
Helpful
2
Replies
CreatePlease to create content