VPN Concentrator 3000 using TOKEN for security enhancement
| stephen 2006-12-17, 1:11 pm |
| "zillah" <zillah.2ir89m@nospamplease.com> wrote in message
news:zillah.2ir89m@nospamplease.com...
>
> At work we have got a Cisco VPN 3000 concentrator currently running, I
> have been assigned to write a document about enhancing the VPN security
> by using TOKEN, I have not been given any further information.
Find some docs about the tokens you will use.
At work we use SecurID (RSA?), with ACE server as the central
authentication system.
AFAIR the VPN 3000 can talk directly, but every system I have seen uses a
TACACS or RADIUS server as a translator. We use the Cisco one, but there are
several alternatives.
So VPN server -> TACACS -> ACE server.
>
> I have done an intensive search, but I could not get something that I
> can start with
Look for the Cisco docs for the 3000 - they should lead you straight to the
info you need.
>
> Any guide will be appreciated?
Try this for some idea of how to do this stuff properly:
http://www.cisco.com/en/US/netsol/n...804cc4fa.shtml
>
>
> --
> zillah
> ------------------------------------------------------------------------
> zillah's Profile: http://www.futurehardware.in/member.php?userid=301
> View this thread: http://www.futurehardware.in/showthread.php?t=558012
>
> Future hardware - http://www.futurehardware.in
>
--
Regards
stephen_hope@xyzworld.com - replace xyz with ntl
| |
| zillah 2006-12-17, 1:11 pm |
|
> Find some docs about the tokens you will use.
I have to recommend one. I have seen a lot of organizations using
SecurID RSA, therefore I am going to recommend this one as well.
> TACACS or RADIUS server as a translator. We use the Cisco one, but there
> are
We also use the Cisco one, which is called Cisco Secure Access Control
Server (Cisco Secure ACS V3.3), which uses the RADIUS or TACACS+ protocols.
> AFAIR the VPN 3000 can talk directly,
You meant to say the VPN 3000 can talk directly to RSA ACE/Server, without
using any translator such as Cisco Secure Access Control Server for
instance, didn't you?
> but every system I have seen uses a TACACS or RADIUS server as a
> translator.
This is what I have seen as well. I do not know why!!!
http://www.netcraftsmen.net/welcher...aabasics01.html
> Cisco network devices generally know *how to talk* TACACS+ or RADIUS to
> ACS, and *then* Cisco Secure Access Control Server (Cisco Secure ACS,
> V3.3 or V4.0) talks to your Active Directory, LDAP, or other
> *authentication database*.
--
zillah
| |
| stephen 2006-12-17, 7:15 pm |
| "zillah" <zillah.2iyy0t@nospamplease.com> wrote in message
news:zillah.2iyy0t@nospamplease.com...
>
> I have to recommend one. I have seen a lot of organizations using
> SecurID RSA, therefore I am going to recommend this one as well.
>
> We also use the Cisco one, which is called Cisco Secure Access Control
> Server (Cisco Secure ACS V3.3), which uses the RADIUS or TACACS+ protocols.
>
> You meant to say the VPN 3000 can talk directly to RSA ACE/Server, without
> using any translator such as Cisco Secure Access Control Server for
> instance, didn't you?
>
> This is what I have seen as well. I do not know why!!!
> http://www.netcraftsmen.net/welcher...aabasics01.html
You can get some architecture papers from RSA about how to do this - they
have some integration suggestions for the Cisco VPN 3000 on their web site.
It states that the VPN 3000 supports "native" SecurID / ACE server and can
integrate directly, or via RADIUS.
You need to register on their site to access the info.
--
Regards
stephen_hope@xyzworld.com - replace xyz with ntl
| |
zillah wrote:
> At work we have got a Cisco VPN 3000 concentrator currently running, I
> have been assigned to write a document about enhancing the VPN security
> by using TOKEN, I have not been given any further information.
>
> I have done an intensive search, but I could not get something that I
> can start with
>
> Any guide will be appreciated?
Steve mentioned RSA's SecurID as a popular option. The RSA SecurID
Ready Implementation Guide for the Cisco VPN 3000 Concentrator Series
is available from the RSA website at:
<http://rsasecurity.agora.com/rsasec...7_AuthMan61.pdf>.
Adding strong user authentication (2-factor authentication, as in
TOKEN) to a VPN is considered an enhancement because the VPN itself
can only validate the machines it links to -- whereas 2FA authenticates
an active human individual, and directly associates him or her with the
message traffic or transaction.
Hope this helps.
_Vin
| |