
ovt Bronze

VPN3k: HYBRID security properties in Cisco implementation

Hi!

Does anybody know what security properties the HYBRID authentication method has in the Cisco implementation? Specifically, how do they transfer the HASH of the pre-shared key in the Notify Payload from the VPN Client to the concentrator? Is it protected by the concentrator's public key? Or is this still vulnerable to sniffing attacks?

Thx,

Oleg Tipisov,

REDCENTER

1 REPLY
Silver

Re: VPN3k: HYBRID security properties in Cisco implementation

For the Cisco VPN 3000 Concentrator, Cisco VPN Client (software client) and Cisco VPN 3002 Hardware Client, Cisco has implemented a feature, Hybrid Authentication Mode for IKE.

Cisco's solution extends the Hybrid Auth model by additionally requiring a group pre-shared key for VPN group identification. The group pre-shared key is used solely to associate users with their appropriate VPN groups, followed by the XAUTH exchange that then authenticates the user.
