Cisco SSL VPN - lose authentication layer when switching from IPSec?

nleachman
Level 1

Hi,

I currently manage a Cisco 3000 concentrator which terminates IPSec tunnels for our users. The users are authenticated with a group ID and password (they never know the group password), and then with their own user ID and password; so we have two layers of authentication.

I've started looking into SSL VPNs (on the same 3000), and from what I can see there is only one authentication layer - the user ID and password. If this is stolen the thief can gain whatever access the legitimate user has to the network. The thief doesn't even need to exert any effort to get the SSL client - it downloads for them automatically.

Am I missing a layer in the SSL option somewhere?

nick

2 Replies

jackko
Level 7

I guess that's the trade-off for convenience. Just like we use net banking these days. All you need is a username/account number and a password.

Further, you may configure the WebVPN authentication against a digital certificate:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee1e4.html#wp1309633

True enough; but why do I feel like a lamb being led to the slaughter? :-)

Thanks for the tip on the certs - I was hoping that some such option existed; but I couldn't find it.

nick