VPN Concentrator 3000 using TOKEN for security enhancement

At work we have a Cisco VPN 3000 concentrator currently running. I have been assigned to write a document about enhancing the VPN security by using TOKEN. I have not been given any further information.

I have done an intensive search, but I could not find anything that I can start with.

Any guide will be appreciated.

zillah

Find some docs about the tokens you will use.

At work we use SecurID (RSA?), with ACE server as the central authentication system.

AFAIR the VPN 3000 can talk directly, but every system I have seen uses a TACACS or RADIUS server as a translator. We use the Cisco one, but there are several alternatives.

So VPN server -> TACACS -> ACE server.

Look for the Cisco docs for the 3000 - they should lead you straight to the info you need.

Try this for some idea of how to do this stuff properly:

formatting link

stephen

I have to recommend one. I have seen that a lot of organizations are using SecurID RSA, therefore I am going to recommend this one as well.

We also use the Cisco one which is called Cisco Secure Access Control Server (Cisco Secure ACS V3.3), which uses RADIUS or TACACS+ protocols.

You meant to say the VPN 3000 can talk directly to RSA ACE/Server, without using any translator such as Cisco Secure Access Control Server for instance, didn't you?

This is what I have seen as well. I do not know why!

formatting link
Cisco network devices generally know *how to talk* TACACS+ or RADIUS to

zillah

You can get some architecture papers from RSA about how to do this - they have some integration suggestions for the Cisco VPN 3000 on their web site.

It states that the VPN 3000 supports "native" SecurID / ACE server and can integrate directly, or via RADIUS.

You need to register on their site to access the info.

stephen

Steve mentioned RSA's SecurID as a popular option. The RSA SecurID Ready Implementation Guide for the Cisco VPN 3000 Concentrator Series is available from the RSA website at: .

Adding strong user authentication (2-factor authentication, as in TOKEN) to a VPN is considered an enhancement because the VPN itself can only validate the machines it links to -- whereas 2FA authenticates an active human individual, and directly associates him or her with the message traffic or transaction.

Hope this helps.

_Vin

Vin

Thanks stephen and Vin for this insight

zillah
