[c-nsp] ASA VPN with Local CA on the ASA
Dustin Schuemann
dschuemann at gmail.com
Sat Aug 20 21:47:22 EDT 2011
We are doing a proof of concept for this exact same setup. And the issue we
are running into is that the one-time password isn't really one-time. It is
still usable until it expires. We also don't want the certificate to be
exportable. We want the user to have a certificate per device.
Is this possible?
On Wed, Aug 17, 2011 at 5:14 PM, Ian Henderson <ianh at ianh.net.au> wrote:
> On 18/08/2011, at 2:54 AM, Jay Nakamura wrote:
>
> > information they store. But don't have the budget nor resources to
> > keep up the current RSA SecurID server which is a bit overkill for
> > them. They thought certificate based auth will be not as good as
> > SecurID but better than just user/pass.
>
> There are one-time-password solutions other than SecurID. Check out
> yubico.com - simple, open source software, cheap hardware ($25USD per
> user), install your own AES keys (avoids the recent SecurID hack).