
RSA SecurID and VPN

Status
Not open for further replies.

scrappy1234

IS-IT--Management
Dec 20, 2007
4
CA
We have a problem coming up with a design for connecting home users through an 871 Cisco router back to a Cisco concentrator.
We cannot use EZVPN due to some concentrator VPN options already in place.
Really need advice on how to configure so the PC user is prompted for 2-factor before getting access to the pre-established (pre-shared key) VPN tunnel from the 871 back to the corp office (concentrator). Already thought of the Cisco VPN client, but the network guys state it cannot be used without EZVPN; we are using DMVPN.
Ideally, can we get the user on the PC to do 2-factor (RSA passcode), then log in to the Windows domain and get access to the corp network through the 871? The 871 router would act as our security gateway.

PC--->Cisco Router 871----> Internet-------> Concentrator---->RSA Auth Manager Server

[phone connected to another port on 871]
|

VoIP phone (separate VLAN through the established tunnel). The VoIP network is separate from the data network, so auth is not required.

 
You are all over the place with your question. Are you trying to use the Cisco VPN client, or are you trying to configure a site to site vpn? There is no 2 factor authentication for a site to site VPN.
 
Well to clarify,
site-site is through established VPN using pre-shared keys.

Now we need to do 2-factor auth of PC before it gets through 871 router and back to corp office through vpn tunnel

Cheers
 
If there is already a vpn tunnel established, then there is no way to establish a 2 factor authentication before traffic passes up the tunnel
 
What about this scenario

871 router established tunnel

802.1x port auth to 871 inside ports. Thus, with the windows XP eap auth to the port using RSA ID, router would use radius back to RSA radius server to confirm, not sure about the process of windows login though.
Any experience?
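For reference, here is what the 802.1X-on-the-inside-ports idea from the post above would look like as an IOS configuration. This is an added example, not configuration from anyone in this thread; the RSA Authentication Manager's RADIUS address (10.1.1.10), the tunnel interface name (Tunnel0), the VLAN numbers and the shared secret are all assumed placeholders, and 802.1X support on the 871's switch ports depends on the IOS image.

```cisco
! Added example, not from the thread. Assumptions: RSA Authentication Manager
! answers RADIUS at 10.1.1.10 across the DMVPN tunnel (Tunnel0); the shared
! secret and VLAN numbers are placeholders.
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
radius-server host 10.1.1.10 auth-port 1645 acct-port 1646 key RADIUS_SECRET_PLACEHOLDER
! Source RADIUS from the tunnel interface so requests and replies ride the
! DMVPN tunnel. Caveat: if the tunnel is down, no RADIUS server is reachable,
! so every 802.1X port stays unauthorized and the PC has no access at all.
ip radius source-interface Tunnel0
!
dot1x system-auth-control
!
interface FastEthernet1
 description Inside port for the user PC - 802.1X enforced
 switchport access vlan 10
 dot1x port-control auto
 dot1x reauthentication
 dot1x timeout reauth-period 3600
!
interface FastEthernet2
 description Inside port for the VoIP phone - separate voice VLAN, no 802.1X
 switchport access vlan 20
!
! SecurID passcodes are one-time values, so the EAP method must carry the
! passcode in a form the RSA server can check (e.g. PEAP with EAP-GTC inside).
! The Windows XP built-in supplicant does PEAP-MSCHAPv2, which does not work
! with one-time passcodes, so a third-party supplicant is typically needed.
```

Re-authentication (every 3600 s here) means the user would be prompted for a fresh passcode on that interval, so pick the period with the token's usability in mind.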
 
The tunnel would already have to be up to reach the RADIUS server. So you are putting a device in people's homes and are then trying to restrict their access? Plan on being on the phone a lot doing remote support. You would be better off using the Cisco VPN client software on their machines and using 2 factor authentication.
 
Thanks for the feedback, I appreciate it.

But what about the voip phone we use. The voip vlan connected would require its own vpn tunnel, thus now I have two tunnels which might create problems on bandwidth?
 