[VPN] cisco limitations

Siddhartha Jain losttoy2000 at yahoo.co.uk
Sat Sep 21 09:58:49 EDT 2002


Hi Travis,

Yes, you can do all the things you mentioned. I ran a
pilot for a customer with similar requirements.

However, you need to add Cisco ACS Server to the
setup. Cisco VPN 3000 directly doesn't talk to LDAP. 

I used Rainbow's USB tokens to store individual user
certificates which had to be plugged in at the time of
the authentication. Once the certificate server okayed
the client certificate, the RADIUS auth would pop up
and ask for a username/password. After this, the user
gets in to the network.

Regards,

Siddhartha


 --- "Watson, Travis" <Travis.Watson at Honeywell.com> wrote:
> 
> Hey guys.
> 
> Speaking conceptually, not good practice, is the cisco 3000 series
> capable of handling both ldap (from a pki) and radius authentication
> simultaneously?  Also, if one were to switch users from a simple
> username passwd scheme to certificate based authentication, would it
> be fairly easy to reconfigure the client?  I would assume so, but
> I've never used the cisco client.
> 
> Thanks,
> 
> Travis
> 
