I'm using a VPN installation (Router, ACS, Cisco VPN Client) and I noticed that the group name and decrypted group password can also be used in the second step of authentication (the extended authentication or user authentication), which is a big sec...
I want to use the Feature "Downloadable IP Acls" on a 3825 VPN-router (IOS 12.4T) in combination with an ACS. In many documents and discussions I read that it is possible to use dACLs on "Cisco devices running IOS version 12.3(8)T or greater". The auth...
It's a known restriction - you should not use same server for authentication and authorization, both with IOS and ASA. Have you given this a thought (either/or):
- local isakmp authorization
- certificate authentication (group)
- splitting authentication a...
Thanks for your help. Your hints were very helpful. As I mentioned before I solved the problems with av-pairs and command "ipsec:inacl=". I think you mean that with split-tunneling ACLs. Problem is solved!!!
I think the auth-proxy feature is not the right thing for me, because I don't want to use a kind of browser authentication. But thanks for your suggestion. Better than nothing, I am a step further now. I set up a test scenario with GNS and VMware on my...
I'm also working on this topic. With the password revealer you can easily decrypt the group password. The group name is configured in plain text in the profile, too. So my additional question is the following: How can it be prevented that an attacker uses...