RE: Double authentication (User & Machine) with VPN SSL
From: Weatherford, Chad (CWeatherford_at_scvl.com)
Date: Thu, 13 Oct 2005 16:53:45 -0500 To: "Peyman" <email@example.com>, <firstname.lastname@example.org>
What are your remote users connecting to on your end? A firewall,
From: Peyman [mailto:email@example.com]
Sent: Thursday, October 13, 2005 12:36 PM
Subject: Double authentication (User & Machine) with VPN SSL
I was wondering if with a VPN SSL solution, it is possible to
authenticate the user and the machine both, with their certificates.
I know that this could be possible with IPSec Over L2TP (machine
authentication with L2TP, and user authentication with IPSec), and not
possible with pure IPSec (just a basic login/password with X-Auth
available in IKE for a user authentication).
Just to precise my needs :
- I'd like to authenticate my users with a certificate because
this is useful for a remote vpn connection, and also for others needs
(emails, access to some ressources, applications, etc.)
- I'd like to authenticate the corporate laptops with a unique
certificate stored securely on it : this is useful to only allow a
full network access to the corporate network to trusted machines, and
also to revocate certificates of laptops that might be stolen/lost.
Thanks a lot for any help,