[vpn] authentication with vpn
john forstrom
forstrom at yahoo.com
Thu Jan 3 17:52:33 EST 2002
If this type of solution is of interest to you I can help. You can
respond to me at this email for more info.
John Forstrom
--- Kent Dallas <kent at dalliesin.com> wrote:
> Jean-Philippe,
>
> One other thought: You may want to investigate a compulsory L2TP
> solution.
>
> If you can find a service provider that supports such a solution in
> your area, the users would dial in to a local ISP POP, but instead of
> getting Internet access, the NAS would forward RADIUS/CHAP
> authentication data to you. Once you authenticate the user, the user's
> PPP session would be forwarded to an L2TP network server on your
> network. You could then terminate the PPP session, assigning a private
> IP address, DNS server, and WINS server.
>
> This solution offers "Intranet" access across Internet facilities,
> with a "look and feel" just like logging on to the ISP itself. It is
> very easy for end users, as they don't have to do anything out of the
> ordinary. And it does not require any special VPN client to install or
> manage. If the user needs Internet access within the same session, you
> would have to proxy their HTTP requests from your internal network.
>
> Most compulsory L2TP solutions do not include encryption, so you will
> have less privacy than you would have with an IPsec solution. However,
> based on your description, security does not appear to be your top
> concern.
>
> If you desire an IPSec solution, you can have the ISP proxy the RADIUS
> authentication to a server you control. Then the Internet access and
> VPN could authenticate to the same database. Users would not have to
> learn two different passwords, but they would have to enter the same
> password twice.
>
> If you do end up with a solution using only one password, understand
> that the entire security of your system will be limited to the
> strength of the passwords chosen. In this case, I would strongly
> recommend some "end user training" on how to develop strong passwords.
> You can find much more detail on this topic at
> http://www.dalliesin.com/pswd.html.
>
> Best of luck,
> Kent Dallas
>
> -----Original Message-----
> From: jean-philippe.planquart at wanadoo.fr [mailto:jean-philippe.planquart at wanadoo.fr]
> Sent: Tuesday, January 01, 2002 4:57 PM
> To: vpn at securityfocus.com
> Subject: [vpn] authentication with vpn
>
> I want to deploy a VPN service for home users to access the intranet
> network.
>
> Users will first connect through an ISP service, and then to an
> authentication server to access my intranet. With this solution, users
> must authenticate twice:
> - First, to the ISP to authorize access to the Internet
> - Second, to the authentication Gateway to authorize access to the
>   Intranet.
>
> Then, after authentication, we build a VPN between the home user and
> the Gateway. With this solution, people have to learn 2 passwords (for
> the ISP and for my Gateway). Does anybody have a solution to enter
> only one password?
>
>
> VPN is sponsored by SecurityFocus.com
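The RADIUS/CHAP check that the quoted reply describes the NAS forwarding to a server you control, as an added example that is not part of the thread. It follows the CHAP-Password and CHAP-Challenge attributes of RFC 2865; the sample Access-Request, the helper names and the password used with them are constructed for illustration, and RADIUS shared-secret handling is left out.

```python
import hashlib
import hmac
import struct

CHAP_PASSWORD = 3    # RADIUS attribute: 1-byte CHAP ident + 16-byte response
CHAP_CHALLENGE = 60  # RADIUS attribute: challenge the NAS sent to the dial-in peer


def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: value} from a RADIUS packet, rejecting bad lengths."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs


def verify_chap(packet: bytes, password: bytes) -> bool:
    """Check the forwarded CHAP response against the stored password."""
    attrs = parse_attributes(packet)
    chap = attrs.get(CHAP_PASSWORD)
    if chap is None or len(chap) != 17:
        return False
    # Without a CHAP-Challenge attribute the Request Authenticator is the challenge.
    challenge = attrs.get(CHAP_CHALLENGE, packet[4:20])
    # The server needs the password itself: a one-way hash of it cannot be used here.
    expected = hashlib.md5(chap[:1] + password + challenge).digest()
    return hmac.compare_digest(expected, chap[1:])


def build_access_request(chap_id: int, password: bytes, challenge: bytes,
                         authenticator: bytes = bytes(16)) -> bytes:
    """Constructed sample input: the Access-Request a NAS would forward."""
    response = hashlib.md5(bytes([chap_id]) + password + challenge).digest()
    attrs = bytes([CHAP_PASSWORD, 19, chap_id]) + response
    attrs += bytes([CHAP_CHALLENGE, 2 + len(challenge)]) + challenge
    return struct.pack("!BBH", 1, 7, 20 + len(attrs)) + authenticator + attrs
```

Because the response is an MD5 over the password and a challenge that crosses the ISP's network, the password-strength point in the reply applies to this exchange as well.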