×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

VPN Hardware vs RAS/IAS & SSL

VPN Hardware vs RAS/IAS & SSL

VPN Hardware vs RAS/IAS & SSL

(OP)
Hi,

We currently have our remote access users set up so they must go to certificate services and download a user SSL certificate. (which I control access to via IIS)

I have then set up RRAS/IAS to only allow SSL certificated users to connect to the work server via VPN.

However, our support company says this is an obscure and non-standard way of setting up VPN.

Yet when they messed with it they tried to set it up so it allowed username / password to connect and not SSL. (doesn't this send credentials in plain text?)

Surely their way is much more unsecure plus the data transfer wouldn't be encrypted.

They now have suggested we should get a VPN box for VPN users.

Why are they suggesting this, what's wrong with using the server's RRAS & ISA with SSL encryption / security.

What does a VPN box do, how is it better or 'the normal way' of doing things.

Why on earth do they think the way I have it configured is obscure and non-standard?

I'm a little confused over this, so your advice is appreciated.

Thanks,
1DMF.

"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"

Google Rank Extractor -> Perl beta with FusionCharts

RE: VPN Hardware vs RAS/IAS & SSL

What type of VPN? If it's IPSEC, then ALL communication is encrypted.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

RE: VPN Hardware vs RAS/IAS & SSL

(OP)

Quote:

What type of VPN? If it's IPSEC, then ALL communication is encrypted.
Sorry I don't understand the question.
1. Do you mean what sort of box are we thinking of getting

or

2. What sort of VPN we are currently using?

1. I don't know, that's why I am asking the question, what's the difference, what does a box do that my current set up doesn't and what's so odd about our current set up?

2. It's SSL encryption, as I mentioned, you go to windows network connections, add a new connection, choose VPN and set it up to use the SSL certificate as the 'smart card or certificate' option.

As I understood it, if you just used username and password, it's plain text, can anyone confirm this please?

 

"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"

Google Rank Extractor -> Perl beta with FusionCharts

RE: VPN Hardware vs RAS/IAS & SSL

If it is a true SSL VPN, then a username and password are not cleartext---encrypted with 128 bit SSL.

I am unfamiliar with W1nd0z3 VPNs, however.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login


Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close