07-16-2008 04:44 AM
Could somebody please advise if the Cisco VPN Client is more secure than the Built-in microsoft VPN on windows XP? If the Cisco client is more secure than why? Does the Microsoft one not use IPSEC and just PPTP?
Please advise - Very urgent!
I'm sure a Cisco VPN Concentrator with Cisco Client is more secure but I not sure exactly why.
Solved! Go to Solution.
07-16-2008 08:12 AM
Carlton,
One have to take a deeper look at both, all your questions will be answered after you look at these links.
Ipsec is an opened standard, Cisco VPN client or any VPN client that is Ipsec based must meet these standards. You will learn more by reading these few links bellow, by the end of the reading you will be have a better
perspective as to which client you would be more gear towards using as a network professional.
Personally I have been moving away from PPTP gradually and replacing it with Cisco VPN clients. Don't get me wrong, PPTP is still widely used out there but it is more vulnerable.
With Ipsec based VPN you have a more wide selection of authentication algorythms,
encryptions granularity as a way to implement an extreamely secure VPN architecture for RA.
Introduction to IPsec
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml
introduction to PPTP/L2TP
http://www.clavister.com/manuals/ver8.6x/manual/vpn/pptp_basics.htm
Analysis of MS PPTP implemetation and vulnerabilities
http://www.schneier.com/paper-pptp.html
http://www.schneier.com/paper-pptp.pdf
Other workarounds for using MS client using L2TP over Ipsec
Also, you may do a google search on " hacking PPTP " or " Ipsec" to get a more insight of vulnerabilities.
Rgds
Jorge
07-16-2008 04:50 AM
PPTP client
http://en.wikipedia.org/wiki/Microsoft_Point-to-Point_Encryption
Cisco VPN Client
http://en.wikipedia.org/wiki/Triple_DES
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
[Pls RATE if HELPS]
07-16-2008 05:04 AM
a.alekseev - Are you trying to say Cisco VPN is better because ut uses DES on the data payload?
Does the MS VPN not encrypt the data payload at all?
Do they both use IPSEC for end to end privacy?
ps - Is tripple DES actually AES?
Would greatly appreciate answers!
07-16-2008 05:04 AM
a.alekseev - Are you trying to say Cisco VPN is better because ut uses DES on the data payload?
Does the MS VPN not encrypt the data payload at all?
Do they both use IPSEC for end to end privacy?
ps - Is tripple DES actually AES?
Would greatly appreciate answers!
07-16-2008 08:12 AM
Carlton,
One have to take a deeper look at both, all your questions will be answered after you look at these links.
Ipsec is an opened standard, Cisco VPN client or any VPN client that is Ipsec based must meet these standards. You will learn more by reading these few links bellow, by the end of the reading you will be have a better
perspective as to which client you would be more gear towards using as a network professional.
Personally I have been moving away from PPTP gradually and replacing it with Cisco VPN clients. Don't get me wrong, PPTP is still widely used out there but it is more vulnerable.
With Ipsec based VPN you have a more wide selection of authentication algorythms,
encryptions granularity as a way to implement an extreamely secure VPN architecture for RA.
Introduction to IPsec
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml
introduction to PPTP/L2TP
http://www.clavister.com/manuals/ver8.6x/manual/vpn/pptp_basics.htm
Analysis of MS PPTP implemetation and vulnerabilities
http://www.schneier.com/paper-pptp.html
http://www.schneier.com/paper-pptp.pdf
Other workarounds for using MS client using L2TP over Ipsec
Also, you may do a google search on " hacking PPTP " or " Ipsec" to get a more insight of vulnerabilities.
Rgds
Jorge
07-16-2008 09:14 AM
Jorge,
Thanks for taking the time to locate and put together all this information for me. Exactly the sort of reply I was looking for - couldn't have been better!
Carlton
07-16-2008 10:30 AM
Carlton,
You are very welcome, it is a pleasure to help, as a network professionals we are all on the same path and it is good to revisit these links and read them all from time to time.
Thank you for the rating.
Rgds
Jorge
07-19-2008 09:05 AM
If you want to user Miicrosoft VPN client with a Cisco device, you have to configure "vpdn" on the Cisco device to activate the PPTP
once done you connect to the cisco device using Microsoft VPN.
You can use Microsoft routing and remote access service on the Cisco device end to authenticate the users using the Active Directory. The RAS can be configured as RADIUS server and Cisco will get the authentication and authorization form the RAS of Microsoft. you can also configure local authentication for vpdn
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide