RE: Double authentication (User & Machine) with VPN SSL

["Roger A. Grimes" <roger () banneretcs com>]

Need a little bit more about your environment:

Using Windows or Linux, or both? Using what versions of OS?

Using built-in software or is a third party solution solution
acceptable? 

Are smart cards or token devices an option, or do you want it to be a
software only implementation?

Roger

************************************************************************
***
*Roger A. Grimes, Banneret Computer Security, Consultant 
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, CHFI, TICSA
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
************************************************************************
****



-----Original Message-----
From: Peyman [mailto:peyman.secu () gmail com] 
Sent: Thursday, October 13, 2005 1:36 PM
To: security-basics () securityfocus com
Subject: Double authentication (User & Machine) with VPN SSL

Dear all,

  I was wondering if with a VPN SSL solution, it is possible to
authenticate the user and the machine both, with their certificates.
  I know that this could be possible with IPSec Over L2TP (machine
authentication with L2TP, and user authentication with IPSec), and not
possible with pure IPSec (just a basic login/password with X-Auth
available in IKE for a user authentication).
  Just to precise my needs :
    - I'd like to authenticate my users with a certificate because this
is useful for a remote vpn connection, and also for others needs
(emails, access to some ressources, applications, etc.)
    - I'd like to authenticate the corporate laptops with a unique
certificate stored securely on it : this is useful to only allow a full
network access to the corporate network to trusted machines, and also to
revocate certificates of laptops that might be stolen/lost.

Thanks a lot for any help,
Peyman