[c-nsp] Can a Cisco 837 terminate a Road warrior VPN?
Brett Looney
brett at looney.id.au
Sun Aug 7 19:03:16 EDT 2005
At 01:25 8/08/2005, you wrote:
>I would recommend against PPTP. It is easily compromised.
Without wanting to start a religious war, I would *love* for someone to
point me at an example of this. I've read just about everything I can find
and while just about everyone agrees that PPTP is somewhat less secure than
IPSEC and *might* be easily compromised I have yet to see anything concrete.
Note that there are two distinct versions of PPTP - the original version
really was trivial to compromise but I haven't seen anything actually
*proven* for the later one which had a whole bunch of fixes in it. But,
happy to be proven wrong...
>Look up and see if the 837 can do easy VPN server.
>If yes, then just search for an example of that....
Doesn't have to be Easy VPN - you can do the normal cisco VPN client with
IPSEC, etc. We use this in many places but it does have the disadvantage of
needing to have a VPN client installed on the remote PC (bring on extra
support and potential compatibility issues). Hence the choice of PPTP in
some cases.
The biggest downside of PPTP is that in the MS implementation it refuses to
encrypt the GRE tunnel if you're using anything other than MS-CHAP.
Therefore, it can't be used with one-time password systems like SecurID.
Kinda sucks...
Anyway - sorry about the rant - but please tell me about the PPTP issues...
B.