[c-nsp] VPN3000 intermittent GUI login problem & hardening

[Cis Ckp]

Hi,
 
I recently took over the support of one VPN 3000 & was tasked to
harden it like : 
- use TACACS for login authentication
- insert login banner
- recovery password with "service password-encryption"
 
I'm not sure if all these requests from our security can be
supported on VPN3000 - can someone give input & provide
a url to harden it?
 
 
Secondly, I kept getting intermittent login problem (which
sometimes go away by itself & I heard from my predecessor
that sometimes it needs reboot).  The message is :

Invalid Login or Session Timeout
VPN 3000 Concentrator
   Login: admin
Password: xxxxxxxxxx

Copyright ⌐ 1998-2004 Cisco Systems, Inc.

I found that when this problem happens, the VPN clients
can still login while I can still login thru the console, only
the http/https web interface (via public interface) gave the
above login error.  We thought it's a bug with the VPN
software so we upgraded using vpn3000-4.1.7.F-k9.bin
image (was 4.0.1x-k9  previously  but this problem
still persists;  cant remember what's "x")
 
If you need the savelog, I can email it to you but I cant
seem to find anything.  As I'm new to this, I still havent
track down to which syslog server this box logs to.
 
 
Thanks for any help
 
 
 

Send instant messages to your online friends http://asia.messenger.yahoo.com