not sure if anyone else is doing anything to address this but seeing if i can get some idea's...
currently -- we have a cisco asa 5520 set up with radius authentication, this gives us the two point authentication we need.. however, since 1 part of the authentication, the group-name and password, never changes and is hard coded into the computer, it really only gives us 1 good authentication mechanism. (such as if the laptop was stolen, they would only need the username and password of the user to get in).
One way we could do a second user authentication is with RSA tokens, however this would be a costly solution as we have hundreds of user's that use VPN Clients... is there any other way to set up an authentication question with the radius servers or any other sort of second authentication mechanism to use?
Thanks for any help or idea's Shawn