Thanks Phil, I've already got a Cisco IPsec VPN that I want to get rid of. I'm specifically interested in a remote access solution that requires a hardware key of some sort when remoting in.
Thanks, RS On Wed, Jul 29, 2009 at 10:59 PM, Phil Brutsche<[email protected]> wrote: > IMO the best place to start is to require some sort of secure remote > access mechanism. > > Most SSL VPN offerings support 2 factor, for example, and the > traditional fat IPsec VPN client a sort of 2 factor authentication > stemming from the way fat IPsec clients work. > > The way IPsec VPN clients does 2 factor: > part 1) A IKE phase 1 pre-shared key that the fat client MUST provide > before getting to phase 2. Some people use X.509 certificates for the > phase 1. > part 2) username & PW authentication via XAUTH > > Richard Stovall wrote: >> 1) minimal cost (naturally) >> 2) minimal installation footprint >> 3) flexibility (different rules depending on where the user is >> physically located) >> 4) ease of management >> 5) upgrade-ready (to future AD versions, etc.) >> >> All thoughts and experiences are welcome. > > -- > > Phil Brutsche > [email protected] > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
