Subject: [c-nsp] VPN 3000 and Digital Certificates
From: Marco Matarazzo (marm@libero.it)
Date: Jan 26, 2005 10:36:01 am
List: net.nether.puck.cisco-nsp

Hi all,

I've been asked to deploy a VPN system to allow our customers to connect to their servers for maintenance. Since we already have a backend infrastructure for backing up the servers, I was thinking about adding a VPN Concentrator on the BE, making the customers connect to the public IP of this one, and setting up appropriate filters so they can connect only to their servers. From the documentation I've found, it seems all possible.

Now we want to hand each customer one or more digital certificates to authenticate on the concentrator. Still unsure if we'll use W2k3 CA or OpenCA, but there's one thing I don't understand from the documentation. It says: "Model 3005 allows a maximum of 6 root or subordinate CA certificates (including supporting RA certificates) and 2 identity certificates". Does that mean that I can hand out just two certificates (-> two different users)? If not, is there some method to tell the VPN Concentrator to take the certificate from a radius or ldap server, to overcome that limit? Should I stick to username/password authentication?

Thanks! ]\/[arco
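The post above asks how a gateway's stock of CA certificates relates to the number of customer certificates it can accept. The following is an added example, not part of the original message and not Cisco's or the list's code: a throwaway PKI built with the openssl command line that shows the general X.509 mechanics a VPN gateway relies on at logon. A verifier holding a single CA certificate accepts every end-entity certificate that CA issued, and rejects one issued by a CA it does not hold. All CA and customer names, the directory layout, and the one-day validity are constructed for the demonstration; the example says nothing about how the 3005's own "identity certificate" limit is defined, which is a question for the product documentation.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal PKI built with the
# openssl CLI. One CA certificate is enough for the verifier to accept any
# number of end-entity (client) certificates that CA issued; a certificate
# from a CA the verifier does not hold is rejected. All names are constructed.

WORK="${WORK:-$(mktemp -d)}"

# make_ca DIR CN: create a self-signed CA (private key + certificate) in DIR.
make_ca() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.pem" >/dev/null 2>&1
}

# issue_client CADIR CN: create a client key + CSR and have the CA in CADIR
# sign it; prints the path of the resulting certificate.
issue_client() {
    ca="$1"; cn="$2"
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$cn" -keyout "$ca/$cn.key" -out "$ca/$cn.csr" >/dev/null 2>&1
    openssl x509 -req -sha256 -days 1 -in "$ca/$cn.csr" \
        -CA "$ca/ca.pem" -CAkey "$ca/ca.key" -CAcreateserial \
        -out "$ca/$cn.pem" >/dev/null 2>&1
    echo "$ca/$cn.pem"
}

# verify_client CAFILE CERT: the check a gateway performs at logon; prints
# "valid" when CERT chains to a CA in CAFILE, "invalid" otherwise.
verify_client() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo valid
    else
        echo invalid
    fi
}

# Demo: one trusted CA, three customers, plus an unrelated CA the gateway
# has not been given (constructed scenario).
make_ca "$WORK/trusted" "Constructed Customer CA"
make_ca "$WORK/rogue"   "Constructed Unrelated CA"
for cust in customer1 customer2 customer3; do
    cert=$(issue_client "$WORK/trusted" "$cust")
    echo "$cust: $(verify_client "$WORK/trusted/ca.pem" "$cert")"
done
rogue_cert=$(issue_client "$WORK/rogue" "customer4")
echo "customer4 (issued by a CA the gateway does not hold): $(verify_client "$WORK/trusted/ca.pem" "$rogue_cert")"
```

Run it as a plain sh script with openssl on the PATH; it works in a fresh temporary directory and leaves the keys there. The point of the demo is the trust model: what bounds the user population is the issuing CA's records (and revocation handling), not the number of CA certificates the verifier stores, since every customer certificate chains to the same CA entry.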