[vpn] authentication with vpn

john forstrom forstrom at yahoo.com
Thu Jan 3 17:52:33 EST 2002


If this type of solution is of interest to you I can
help. You can respond to me at this email for more
info.


John Forstrom



--- Kent Dallas <kent at dalliesin.com> wrote:
> Jean-Philippe,
> 
> One other thought:  You may want to investigate a compulsory L2TP solution.
> 
> If you can find a service provider that supports such a solution in your
> area, the users would dial-in to a local ISP POP, but instead of getting
> Internet access, the NAS would forward RADIUS/CHAP authentication data to
> you.  Once you authenticate the user, the user's PPP session would be
> forwarded to an L2TP network server on your network.  You could then
> terminate the PPP session, assigning a private IP address, DNS server, and
> WINS server.
> 
> This solution offers "Intranet" access across Internet facilities, with a
> "look and feel" just like logging on to the ISP itself.  It is very easy for
> end users, as they don't have to do anything out of the ordinary.  And it
> does not require any special VPN client to install or manage.  If the user
> needs Internet access within the same session, you would have to proxy their
> HTTP requests from your internal network.
> 
> Most compulsory L2TP solutions do not include encryption, so you will have
> less privacy than you would have with an IPsec solution.  However, based on
> your description, security does not appear to be your top concern.
> 
> If you desire an IPsec solution, you can have the ISP proxy the RADIUS
> authentication to a server you control. Then the Internet access and VPN
> could authenticate to the same database.  Users would not have to learn two
> different passwords, but they would have to enter the same password twice.
> 
> If you do end up with a solution using only one password, understand that
> the entire security of your system will be limited to the strength of the
> passwords chosen.  In this case, I would strongly recommend some "end user
> training" on how to develop strong passwords.  You can find much more detail
> on this topic at http://www.dalliesin.com/pswd.html.
> 
> Best of luck,
> Kent Dallas
> 
> -----Original Message-----
> From: jean-philippe.planquart at wanadoo.fr [mailto:jean-philippe.planquart at wanadoo.fr]
> Sent: Tuesday, January 01, 2002 4:57 PM
> To: vpn at securityfocus.com
> Subject: [vpn] authentication with vpn
> 
> I want to deploy a VPN service for home users to access the intranet
> network.
> 
> Users will first connect through an ISP service, and then to an
> authentication server to access my intranet. With this solution, users
> must authenticate twice:
> - first, to the ISP to authorize access to the Internet
> - second, to the authentication Gateway to authorize access to the
>   Intranet.
> 
> Then, after authentication, we build a VPN between the home user and the
> Gateway. With this solution, people have to learn 2 passwords (for the ISP
> and for my Gateway). Does anybody have a solution to enter only one
> password?
> 
> VPN is sponsored by SecurityFocus.com
> 
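
Added example (not part of the original thread): how a RADIUS server you control could check the CHAP data a NAS forwards in an Access-Request, following RFC 2865. The function names, the USERS table and the sample packet builder are hypothetical and constructed for illustration; only the CHAP check is shown, not validation of the NAS itself.

```python
import hashlib
import hmac
import struct

USER_NAME, CHAP_PASSWORD, CHAP_CHALLENGE = 1, 3, 60  # RFC 2865 attribute types

def parse_access_request(packet: bytes) -> dict:
    """Split a RADIUS Access-Request into its authenticator and attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    return {"authenticator": packet[4:20], "attrs": attrs}

def chap_ok(packet: bytes, user_db: dict) -> bool:
    """Check CHAP-Password = CHAP id || MD5(id || password || challenge)."""
    req = parse_access_request(packet)
    attrs = req["attrs"]
    chap = attrs.get(CHAP_PASSWORD, b"")
    password = user_db.get(attrs.get(USER_NAME, b"").decode("utf-8", "replace"))
    if len(chap) != 17 or password is None:
        return False
    # Without a CHAP-Challenge attribute, the Request Authenticator is the challenge.
    challenge = attrs.get(CHAP_CHALLENGE, req["authenticator"])
    expected = hashlib.md5(chap[:1] + password.encode() + challenge).digest()
    return hmac.compare_digest(expected, chap[1:])

def build_request(user: str, password: str, challenge: bytes, chap_id: int = 7) -> bytes:
    """Constructed sample: the Access-Request a NAS would forward."""
    resp = hashlib.md5(bytes([chap_id]) + password.encode() + challenge).digest()
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in (
        (USER_NAME, user.encode()),
        (CHAP_PASSWORD, bytes([chap_id]) + resp),
        (CHAP_CHALLENGE, challenge)))
    return struct.pack("!BBH", 1, 42, 20 + len(body)) + bytes(16) + body

USERS = {"jdoe": "correct horse battery staple"}  # constructed account, hypothetical
```

Because the server recomputes the MD5 from the password itself, CHAP requires the user database to hold each password in recoverable form.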

