Firewall Wizards mailing list archives
RE: SaveUserPassword in Cisco VPN Client with PIX
From: "Paul Melson" <psmelson () comcast net>
Date: Mon, 7 Mar 2005 16:31:33 -0500
Christian,

If it's worth keeping individual users' access separate, then IMHO it is still worth making them sign on manually, even if the password is only useful for a handful of things.

Write-protecting the .pcf file will maintain SaveUserPassword=1. This is probably easier than asking the PIX to do it. I think you would have to use some variation of 'isakmp peer ... no-config-mode' since IKE Config Mode is what sets this policy on the client (along with DNS/WINS/domain, etc.). This is really meant to allow site-to-site tunnels to share isakmp and crypto map configs with VPN clients on the same PIX by creating exceptions for specific peer addresses. Using this with a large number of VPN clients would be messy.

Neither means is especially elegant.

PaulM

-----Original Message-----
Subject: Re: [fw-wiz] SaveUserPassword in Cisco VPN Client with PIX

Good Point :-)

First of all, these passwords are not the ones used in the internal network. The VPN doesn't even end in the internal network. The VPN is used for 500 sales people who get email and downloads that are individually prepared for them (mostly updates on contracts which are already stored on the notebook). So if someone steals that notebook he already has the data. The stored password only provides him with subsequent updates plus email.

On the other hand these people come and go. So we need to lock them out individually when they leave the company. Therefore we want to use XAUTH.

I hope this explains why I want to do it. I just don't know how. I'm currently testing a suggestion to write-protect the pcf file. You'll get a summary on the solution, once I got it working.
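An added example, not part of either message above: a small audit that reports, for one client profile, whether SaveUserPassword=1 is set, whether a password value is actually stored, and whether the file is write-protected as suggested in the thread. The sample profile, its host and user names, and the function names are constructed; treating a missing SaveUserPassword key as "not set" is an assumption.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample profile; host, group and user are placeholders.
SAMPLE_PCF = """[main]
Description=constructed sample
Host=vpn.example.invalid
GroupName=sales
Username=jdoe
SaveUserPassword=1
UserPassword=
enc_UserPassword=
"""

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def audit_pcf(path):
    """Report the password-saving state of one .pcf profile."""
    cp = configparser.RawConfigParser(strict=False)
    cp.optionxform = str  # keep the profile's key case
    with open(path, encoding="utf-8", errors="replace") as fh:
        cp.read_file(fh)
    main = dict(cp.items("main")) if cp.has_section("main") else {}
    stored = main.get("UserPassword", "") or main.get("enc_UserPassword", "")
    return {
        # Assumption: an absent key is counted as "not set".
        "save_user_password": main.get("SaveUserPassword", "0").strip() == "1",
        "password_stored": bool(stored.strip()),
        # Mode bits, not os.access(): an administrator can write regardless.
        "write_protected": not (os.stat(path).st_mode & WRITE_BITS),
    }


def demo():
    """Audit the sample before and after write-protecting it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.pcf")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_PCF)
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)
        before = audit_pcf(path)
        os.chmod(path, stat.S_IREAD)  # the write-protect step from the thread
        after = audit_pcf(path)
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)  # allow cleanup on Windows
        return before, after


if __name__ == "__main__":
    print(demo())
```

Run across a fleet's profile directory, the same check shows which notebooks hold a stored password and would therefore keep working until the account is disabled on the XAUTH side.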