
Configuring AAA with DES/3DES

vinaymurthy
Level 1

Hi,

I have ACS 3.3, & CISCO 2620 routers.

Users will dial in to the CISCO 2620 routers through a PSTN line. The routers act as AAA clients. I would like to know how to enhance the connection between routers & end-user machines. Can I configure 3DES & DES on CISCO routers & ACS to secure the connection? What are the configuration steps required?

2 Replies

d-garnett
Level 3

Direct communication over the PSTN should be relatively secure, but if you'd like to, you can do the following:

Functional Behavior

Existing ACL on Input interface only allows IPSec and IKE (Layer3/4) traffic to the router

User dials up and authenticates to the router using PPP CHAP

After successful authentication/authorization you could have them launch a VPN Client connection to the router itself.

You will need to configure the router as an EzVPN Server and have the users use Cisco VPN Client

________________________________________________

http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800a393b.shtml

Hi Garnett,

Thanks for the reply.

I had followed the configuration example earlier. If you observe the configuration, the user needs to configure the IP address of the router manually in the VPN client. That is very difficult in my scenario.

In my case, the user would be given a username, a password & a dialing number, that's it. The rest of the configuration needs to be automated.

What I am looking at is:

1. User has a PSTN line. He dials into the router and establishes a PPP connection. What do I need to configure, or what is required, to secure this PPP connection?

Do I have options in VPN client like that?