Re: [Fed-Talk] CAC card and VPN
- Subject: Re: [Fed-Talk] CAC card and VPN
- From: "Miller, Timothy J." <email@hidden>
- Date: Tue, 25 Aug 2009 09:09:18 -0400
On 8/24/09 11:04 AM, "Wade, Justin CTR OSD PA" <email@hidden>
wrote:
> I was doing a final round of checks to see what anyone is using for VPN WITH
> the CAC card? I have found the Cisco VPN for Mac unable to use CAC card. So
> far I've settled on Juniper VPN. We also don't have the ability to run Cisco
> AnyConnect which can utilize the CAC card. Any suggestions would be great.
> Thanks!

It depends on your VPN protocol.

The standard is L2TP/IPsec. OS X will happily talk L2TP/IPsec with CAC
(with some caveats).

Most VPN deployments are *not* L2TP/IPsec. They're IPsec with
vendor-proprietary extensions (e.g., XAUTH for Cisco).

L2TP/IPsec has the advantage of requiring *both* the machine to authenticate
(at the IPsec layer) and the user to authenticate (at the L2TP layer).
Going the vendor-proprietary route means you have to deploy something like
Cisco NAC in order to get similar assurance that non-permitted machines are
not admitted over the VPN.

-- Tim