[c-nsp] VPN 3005 issues.
Michael Markstaller
mm at elabnet.de
Fri Oct 29 04:27:38 EDT 2004
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Dan Wilson
> Sent: Friday, October 29, 2004 1:04 AM
...
> I'll post a question. How do I setup CISCO VPN CLIENTS to
> authenticate and access the local WINDOWS ACTIVE DIRECTORY
> environment? I've been scouring documents and links for a
> couple days on and off, and can't seem to find something
> close. Why, I'm not sure, as I'd guess this would be the
> single most popular way to connect to these boxes today.
Sorry, but I have to comment on this ;)
Although maybe popular, it leaves some security risks when used with PSK
(groups/passwords) without any further measures:
- it's possible you reveal not only your VPN-credentials but also your
Domain-password in one single step to attackers
- NT-Domain passwords are commonly weak and it's (by default) possible
to save them on the client, giving you another risk
I'd use only certificates and/or one-time-passwords for VPN-access.
Still willing to take these risks, what Dave wrote should work fine.
Michael