Re: [Fed-Talk] New Email Requirement (UNCLASSIFIED)
Re: [Fed-Talk] New Email Requirement (UNCLASSIFIED)
- Subject: Re: [Fed-Talk] New Email Requirement (UNCLASSIFIED)
- From: "Timothy J. Miller" <email@hidden>
- Date: Wed, 16 Aug 2006 13:48:42 -0500
Halpin, Stanley Dr ARI wrote:
Has anyone been successful in using VPN from a Mac into an Army system? I
know that there is VPN option available under network preferences (?) but
haven't a clue what to do or whether Apple's flavor of VPN would be
acceptable to our network managers.
It depends on the VPN protocol. If they're using IPSec/XAUTH (which is
what the Cisco VPN client does) then no; the Mac Cisco VPN client is
crap, and hooks into neither the keychain nor the PKCS#11 module
provided, so it can't talk to the CAC.
If they're doing L2TP/IPSec (which is what the built-in Windows and Mac
VPN clients use), it *can* be made to work, but there are a couple of
little details that are needed.
If they're doing something else, I have no idea. :)
FWIW, I'll hazard a guess that they're using the Cisco VPN client with
the CAC. If this is so, they *must* be using the ASA5500 *and* version
7.2 or better *and* configure OCSP *and* configure the VPN to refuse
access if OCSP responses are unavailable.
-- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden