[c-nsp] VPN 3000 Concentrator, SDI, and PPTP

Crist Clark Crist.Clark at globalstar.com
Fri Aug 4 17:13:29 EDT 2006


Trying to come up with a solution for a Cisco VPN Concentrator using
the PPTP protocol with SDI (RSA SecurID) as the authentication method.
As this FAQ from Cisco helpfully explains,

	http://www.cisco.com/warp/public/471/pptp_vpn3k.html 

You cannot use SDI with PPTP and have your PPTP encrypted. Well, our
security policy dictates one-time passwords for remote access (SDI
fits that) and encrypted channels, which encrypted PPTP would scrape
by as acceptable. However, we cannot seem to have both.

I believe the RSA ACE server can do RADIUS, which has the potential
to work with authenticated PPTP. However, I'm afraid RSA's RADIUS
won't support the extras needed for encrypted PPTP either, so I have
not tried it. See the FAQ question above for what RADIUS extensions
one needs.

However, I would think SDI and PPTP isn't unheard of in the corporate
world. Does someone know magic that will satisfy our (sane) security
policy?

BTW, the other end of the connection is a Trio or some other handheld
device that we've not had luck finding IPsec software that will do
SDI. Help there would also solve our problem.

Thanks.
-- 

Crist J. Clark
crist.clark at globalstar.com
Globalstar Communications                                (408) 933-4387



