Hi, On Thu, Dec 13, 2012 at 04:59:10PM +0100, Christophe Lucas wrote: > interface Virtual-Template1 > ip unnumbered FastEthernet0/0 > autodetect encapsulation ppp > peer default ip address pool vpn > ppp encrypt mppe auto > ppp authentication ms-chap-v2
JFTR, I hope everybody on this list is aware that PPTP with MPPE/MS-CHAP-v2 is about as secure as using PAP and no encryption. If someone is able to sniff your PPTP/MPPE-Session, all they need is to insert $200 into cloudcracker.com, and next morning they will have the NTLM HASH needed to authenticate against the server, impersonating the VPN client. See here for a detailed description: http://www.h-online.com/security/features/A-death-blow-for-PPTP-1716768.html Use IPSEC, SSL-VPN or OpenVPN. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany [email protected] fax: +49-89-35655025 [email protected]
pgpMkJBU0dDac.pgp
Description: PGP signature
_______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
