[vpn] Cisco VPN 3000 + PKI
Siddhartha Jain
losttoy2000 at yahoo.co.uk
Wed May 15 07:15:31 EDT 2002
Hey,

I am putting together a VPN solution using Cisco VPN
3000. There is a need for two-factor authentication
also. So I pitched in Rainbow's iKey token to store
the digital certificates (so basically the solution
also includes a certificate server).

But looking into the Cisco manual, digital
certificates aren't a method of user authentication
but are used only for IKE negotiation (it's pre-shared
keys or certificates).

So I need to put in an authentication server like
RADIUS too (which does accounting too). Now I am
trying to see how the whole solution works from the
client's side.

A client is first prompted for a username/password
which gets authenticated through the RADIUS server
(which may in turn be looked up in a directory
server). If that succeeds, the user is prompted to
provide a digital certificate for IKE negotiation.
This would come from the iKey USB token.

So does this flow seem alright? Apart from configuring
user auth for RADIUS and IPSec IKE Policy for
certificates, would I need to configure anything else?

Need some confirmations.

Regards,
Siddhartha