Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to control/prevent the profile (.pcf) files on VPN client?

My setup is like this:

VPN client-->Concentrator 3030 --> PIX--> Microsoft IAS (Radius)-->Microsoft ActiveDirectory.

I use group authentication enabled for the client to authenticate with the concentrator and then for the user authentication MS Active directory is used through a Radius server (microsoft IAS).

a) All the remote users connect to the Cisco VPN concentrator using the local profile(.pcf). There are two profiles available with one having more access privileges on the lan and other is having very limited access.

(b) The remote client first uses Group Authentication method to authenticate to the VPN concentrator using the username and encrypted password stored in the local profile (*.pcf).

(c) After that the user will get authenticated on to the LAN by the Active Directory through IAS (RADIUS) server.

Since the local profile(.pcf) is stored on the client side, which also has a factor which determines the type of privilege (either more or less privileges), he gets on the network. So currently, if a remote client who supposed to have very limited access on the LAN, obtains a privileged access profile to connect, the risk is high since he gets more privileges on the LAN.

Currently I noticed that some users copy the more privileged access profile themselves and replaced it with their original profile file to obtain more access.

Any help/advice on how to control this or is there any alternate solution available on VPN concentrator or on Microsoft IAS (RADIUS)/Active Directory?

1 REPLY
New Member

Re: How to control/prevent the profile (.pcf) files on VPN clien

I think I am also looking for a solution for the problem you stated... let me know if you get any.... Jessica.

142
Views
0
Helpful
1
Replies
CreatePlease login to create content