At work we have a Cisco VPN 3000 concentrator currently running. I have been assigned to write a document about enhancing the VPN security by using a TOKEN; I have not been given any further information.
I have done an intensive search, but I could not find something that I can start with.
At work we use SecurID (RSA?), with ACE server as the central authentication system.
AFAIR the VPN 3000 can talk directly, but every system I have seen uses a TACACS or RADIUS server as a translator. We use the Cisco one, but there are several alternatives.
So VPN server -> TACACS -> ACE server.
Look for the Cisco docs for the 3000 - they should lead you straight to the info you need.
Try this for some idea of how to do this stuff properly:
I have to recommend one. I have seen that a lot of organizations are using SecurID RSA, therefore I am going to recommend this one as well.
We also use the Cisco one, which is called Cisco Secure Access Control Server (Cisco Secure ACS V3.3), which uses the RADIUS or TACACS+ protocols.
You meant to say the VPN 3000 can talk directly to RSA ACE/Server, without using any translator such as Cisco Secure Access Control Server for instance, didn't you?
This is what I have seen as well. I do not know why!
Cisco network devices generally know *how to talk* TACACS+ or RADIUS to
Steve mentioned RSA's SecurID as a popular option. The RSA SecurID Ready Implementation Guide for the Cisco VPN 3000 Concentrator Series is available from the RSA website at: .
Adding strong user authentication (2-factor authentication, as in TOKEN) to a VPN is considered an enhancement because the VPN itself can only validate the machines it links to -- whereas 2FA authenticates an active human individual, and directly associates him or her with the message traffic or transaction.