VPN Setup 1


robotdave (Technical User, GB), Apr 1, 2003
Hi There

I'm still a Cisco Newbie, but the users on this site have helped me loads with the initial setup of my new pix 506e.

Now I have a solid security policy and no unwanted traffic in or out :o)

My second step is to implement VPN. I already have the client software but before I begin configuring things I thought I'd check to see if anybody here can offer some quick tips in the right direction.

Thanks in advance

Steve :o)
 
Hi.

VPN is a very big door to your internal network, so it should be protected as much as reasonable, while allowing the needed services.

So, some tips for protecting VPN:

* Ask yourself - what will happen if an attacker gains full or partial control over a remote machine. How much effort and time will (s)he need to gain access to the main network.

* Ask yourself - what services will be available via the VPN. Will you allow the common scenario of unlimited traffic, or only allow access to specific hosts and services like mail, intranet, etc...

* And ask yourself - how much time and effort will be needed by an attacker without taking control over a remote machine with VPN client.

* Dual authentication helps protect the VPN. With Cisco PIX use the XAUTH feature (the user will need to authenticate to the pix and also to a RADIUS server with different passwords).

* Some techniques like certificates and/or hardware (smart-cards, etc) can provide a higher level of protection.


Some tips for the actual implementation:

* Here are some related links:

* You can use PDM.

* If you have only the DES key (and not 3DES), then use MD5+DES rather than SHA+DES, which is not compatible with the Cisco software VPN client.
If you do have 3DES, you can use either SHA or MD5.

* Test VPN using different connection types of the remote client, like:
Ethernet - directly connected to pix outside interface.
Dial up modem.
ADSL.
Behind another NAT/Firewall device.

Good luck.


Yizhar Hurwitz
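The reply above gives the ingredients (XAUTH against RADIUS, a 3DES or DES+MD5 transform set, and deciding whether the tunnel gets "unlimited" access or only mail/intranet). Below is a worked PIX 6.x configuration that puts those tips together. It is an added example, not configuration from either poster: every address, name, pool range and shared secret is a placeholder, it assumes PIX 6.3 software with a 3DES license and the Cisco software VPN client using group name REMOTE, and the DES-only variant is shown in comments.

```cisco
! Added example, not from the thread. All addresses, names and keys are placeholders.
! Assumes PIX 6.3 with a 3DES license; the DES-only variant is noted inline.

! --- XAUTH backend: each user must also pass their own RADIUS credentials ---
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.1.10 RadiusSharedSecret timeout 5

! --- Addresses handed to remote clients by mode config ---
ip local pool VPNPOOL 192.168.100.1-192.168.100.50

! --- LAN <-> VPN pool traffic must not be translated ---
access-list NO_NAT permit ip 192.168.1.0 255.255.255.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list NO_NAT

! --- Phase 1 (IKE) ---
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
! Clients behind another NAT/firewall device need NAT traversal (PIX 6.3 and later):
isakmp nat-traversal 20

! --- Phase 2 (IPsec) ---
crypto ipsec transform-set STRONG esp-3des esp-sha-hmac
! DES-only license: use "esp-des esp-md5-hmac" here and "isakmp policy 10 hash md5"
! above, per the MD5+DES advice in the reply.
crypto dynamic-map DYNMAP 10 set transform-set STRONG
crypto map VPNMAP 10 ipsec-isakmp dynamic DYNMAP
! This line turns on XAUTH: after the group password, the user is challenged via RADIUS.
crypto map VPNMAP client authentication RADIUS
crypto map VPNMAP interface outside

! --- Group definition matched by the Cisco VPN client (group name REMOTE) ---
vpngroup REMOTE address-pool VPNPOOL
vpngroup REMOTE dns-server 192.168.1.5
vpngroup REMOTE default-domain example.local
vpngroup REMOTE idle-time 1800
vpngroup REMOTE password GroupSharedSecret
! Split tunnelling (below) leaves the remote machine reachable from the Internet while
! the tunnel is up, which is the first question in the reply. Omit this line to force
! all client traffic through the tunnel.
vpngroup REMOTE split-tunnel NO_NAT

! --- Restrict what the tunnel can reach ---
! "sysopt connection permit-ipsec" is deliberately NOT configured: with it, decrypted
! traffic bypasses the outside access-list and you get the "unlimited traffic" scenario.
! Without it, decrypted packets are checked against the outside ACL, so only mail,
! the intranet web server and DNS are reachable from the pool; everything else is
! dropped by the implicit deny at the end of the list.
access-list OUTSIDE_IN permit tcp 192.168.100.0 255.255.255.0 host 192.168.1.20 eq smtp
access-list OUTSIDE_IN permit tcp 192.168.100.0 255.255.255.0 host 192.168.1.20 eq pop3
access-list OUTSIDE_IN permit tcp 192.168.100.0 255.255.255.0 host 192.168.1.30 eq www
access-list OUTSIDE_IN permit udp 192.168.100.0 255.255.255.0 host 192.168.1.5 eq domain
access-group OUTSIDE_IN in interface outside
```

After applying it, check with `show isakmp sa` and `show crypto ipsec sa` that a client negotiates 3DES/SHA (or DES/MD5) as intended, and with `show aaa-server` or the RADIUS server's own log that the XAUTH challenge actually reaches RADIUS rather than being answered locally. The same ACL approach works for the test matrix in the reply: a client behind a NAT router should still only reach the listed hosts and ports once NAT-T brings the tunnel up.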
 