You do know that with NAP in Windows 2008 you can use something like RSA with the Cisco VPN/AnyConnect? Right?
Jon On Thu, Jul 30, 2009 at 12:04 AM, Richard Stovall <[email protected]> wrote: > Thanks Phil, > > I've already got a Cisco IPsec VPN that I want to get rid of. I'm > specifically interested in a remote access solution that requires a > hardware key of some sort when remoting in. > > Thanks, > RS > > On Wed, Jul 29, 2009 at 10:59 PM, Phil Brutsche<[email protected]> > wrote: > > IMO the best place to start is to require some sort of secure remote > > access mechanism. > > > > Most SSL VPN offerings support 2 factor, for example, and the > > traditional fat IPsec VPN client a sort of 2 factor authentication > > stemming from the way fat IPsec clients work. > > > > The way IPsec VPN clients does 2 factor: > > part 1) A IKE phase 1 pre-shared key that the fat client MUST provide > > before getting to phase 2. Some people use X.509 certificates for the > > phase 1. > > part 2) username & PW authentication via XAUTH > > > > Richard Stovall wrote: > >> 1) minimal cost (naturally) > >> 2) minimal installation footprint > >> 3) flexibility (different rules depending on where the user is > >> physically located) > >> 4) ease of management > >> 5) upgrade-ready (to future AD versions, etc.) > >> > >> All thoughts and experiences are welcome. > > > > -- > > > > Phil Brutsche > > [email protected] > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
