Question : Use the built-in WinXP VPN instead of the Cisco VPN client?
My organization has us VPN in using the Cisco VPN client to a VPN concentrator. For some PCF profiles, a SecurID token is required, but the general profile just requires the username and password we use for most of the LDAP systems (Novell, email, etc).
I assume that we have to use the Cisco VPN client because the one built in to Windows is inadequate, but I'm hoping to understand better why I cannot (or if in fact I can) just use the Windows client. Some details from the PCF profile:
Authentication tab: Group authentication with a name and a password
Transport tab: Transparent tunneling enabled, IPSec over UDP (NAT/PAT)
Answer : Use the built-in WinXP VPN instead of the Cisco VPN client?
In a word, no. The Cisco VPN client was designed specifically to work with the vpn3000 box. The administrator has 100% control over the behavior of the Cisco client. This includes things like split-tunneling, firewall requirements, user access restrictions, and encryption level. Microsoft PPTP client behavior can be manipulated by the end user and the encryption is much less secure. Yes, the vpn3000 box can be configured to allow use of the Microsoft PPTP VPN client, but apparently your company made a conscious decision not to. Yes, the more secure Windows L2TP/IPSEC client can be used with a security policy, but not without the help and consent of the administrator. This client does not use the group authentication and password.
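The Authentication and Transport tab settings quoted in the question are stored in the .pcf file as plain key/value pairs. The following is an added example, not part of the original question or answer, that reads those settings from a constructed sample profile; the host, group and user values are placeholders, and missing keys are treated as unset, which is an assumption of this sketch.

```python
import configparser

# Constructed sample profile (not from the original post); values are placeholders.
SAMPLE_PCF = """\
[main]
Description=General profile (constructed sample)
Host=vpn.example.org
AuthType=1
GroupName=general-group
enc_GroupPwd=PLACEHOLDER
Username=jdoe
SaveUserPassword=0
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
EnableLocalLAN=0
"""

AUTH_TYPES = {"1": "group authentication (pre-shared key)",
              "3": "certificate authentication",
              "5": "mutual group authentication"}


def summarize_pcf(text):
    """Return the settings shown on the Authentication and Transport tabs."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    # Keys are case-insensitive; a leading "!" marks a value the user cannot edit.
    main = {k.lower().lstrip("!"): v.strip() for k, v in parser["main"].items()}
    auth = main.get("authtype", "")
    if main.get("enablenat", "") != "1":
        transport = "plain IPSec (transparent tunneling disabled)"
    elif main.get("tunnelingmode", "") == "1":
        transport = "IPSec over TCP, port " + main.get("tcptunnelingport", "?")
    else:
        transport = "IPSec over UDP (NAT/PAT)"
    return {
        "host": main.get("host", ""),
        "authentication": AUTH_TYPES.get(auth, "unknown AuthType " + repr(auth)),
        "group_name": main.get("groupname", ""),
        # Group name plus shared secret: the part the answer says the
        # Windows L2TP/IPSec client does not use.
        "uses_group_secret": auth == "1" and bool(main.get("groupname")),
        "transport": transport,
        "password_saved": main.get("saveuserpassword", "") == "1",
        "local_lan_allowed": main.get("enablelocallan", "") == "1",
    }


if __name__ == "__main__":
    for key, value in summarize_pcf(SAMPLE_PCF).items():
        print(f"{key}: {value}")
```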