Cisco VPN Question

We have a Cisco ASA that manages the VPN tunnels. The clients connect with Cisco VPN Client 5.0. I know the VPN profile password is encrypted; I wanted to find out, if the user is on an unsecure wireless network or some type of hotspot, whether their user name and password are also encrypted.

I would think it is; I just want to verify that. It uses ACS to authenticate to the domain when they log in through the VPN.

Thanks
amendez2 Asked:
 
lrmoore Commented:
Absolutely not. Even if the wireless connection itself is open with no encryption, the VPN pre-shared key exchange uses an encrypted hash of the pre-shared key, not the key itself, and a secure encrypted tunnel is established, then the username/password prompt appears, and that username/password is sent within the encrypted tunnel. Once authenticated, the tunnel is open for traffic. The only thing that can be seen/captured off the air is encrypted ISAKMP/udp4500 traffic that cannot be decrypted.
Remember, too, that the Cisco VPN client has a built in personal firewall while connected, and you can control the firewall rules from the ASA side.

0
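The sequence described in the answer above can be checked in a capture, shown here as an added example that is not part of the original thread: it parses the fixed ISAKMP header of each IKEv1 packet and reports any post-phase-1 exchange (the Transaction exchange that carries the username/password prompt, or Quick Mode) that lacks the Encryption flag. The packet bytes are constructed sample data, the use of aggressive mode for phase 1 is an assumption, and the function names are hypothetical.

```python
import struct

# Exchange types: RFC 2408/2409, plus 6 = Transaction (Mode-Config/XAUTH draft).
EXCHANGE = {2: "main", 4: "aggressive", 5: "informational", 6: "transaction", 32: "quick"}
FLAG_ENCRYPTED = 0x01
HDR = struct.Struct("!8s8sBBBBII")  # cookies, next payload, version, exchange, flags, msg id, length


def parse_isakmp(payload, port=500):
    """Return header fields of one IKEv1 packet, or None if it is not IKE."""
    if port == 4500:
        # NAT-T (RFC 3948): IKE is prefixed by a 4-byte all-zero non-ESP marker.
        if payload[:4] != b"\x00" * 4:
            return None  # ESP-in-UDP data or a NAT keepalive
        payload = payload[4:]
    if len(payload) < HDR.size:
        raise ValueError("truncated ISAKMP header")
    _, _, _, version, xchg, flags, msg_id, length = HDR.unpack_from(payload)
    if version != 0x10 or length != len(payload):
        raise ValueError("not a well-formed IKEv1 packet")
    return {"exchange": EXCHANGE.get(xchg, str(xchg)), "msg_id": msg_id,
            "encrypted": bool(flags & FLAG_ENCRYPTED)}


def cleartext_after_phase1(packets):
    """List (index, exchange) for post-phase-1 packets lacking the Encryption flag."""
    bad = []
    for index, (port, payload) in enumerate(packets):
        hdr = parse_isakmp(payload, port)
        if hdr and hdr["exchange"] in ("transaction", "quick") and not hdr["encrypted"]:
            bad.append((index, hdr["exchange"]))
    return bad


def build(xchg, flags, body, msg_id=0, natt=False):
    """Construct a sample packet (test data only; body is opaque filler)."""
    hdr = HDR.pack(b"I" * 8, b"R" * 8, 1, 0x10, xchg, flags, msg_id, HDR.size + len(body))
    return (4500, b"\x00" * 4 + hdr + body) if natt else (500, hdr + body)


# Constructed capture: phase 1 (aggressive mode assumed), XAUTH prompt and reply,
# quick mode, then one ESP-in-UDP data packet.
CAPTURE = [
    build(4, 0x00, b"\x00" * 64),
    build(4, 0x00, b"\x00" * 96),
    build(4, 0x01, b"\xaa" * 48, natt=True),
    build(6, 0x01, b"\xbb" * 64, msg_id=0x1A2B3C4D, natt=True),
    build(6, 0x01, b"\xcc" * 64, msg_id=0x1A2B3C4D, natt=True),
    build(32, 0x01, b"\xdd" * 128, msg_id=0x55667788, natt=True),
    (4500, b"\x12\x34\x56\x78" + b"\xee" * 60),  # non-zero SPI, so not IKE
]
```

An empty result from `cleartext_after_phase1(CAPTURE)` means every credential-bearing and key-negotiation packet after phase 1 was marked encrypted in its header.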
 
poweruser32 Commented:
I'm nearly certain that it is encrypted as well, as the wireless connection has nothing to do with the VPN tunnel.
0
 
amendez2 (Author) Commented:
Yeah, I know the wireless is separate from the VPN tunnel; maybe I worded the question wrong.

If there is someone else on the unsecured wireless, or secure wireless for that matter, can they run some type of packet sniffer to grab the user credentials for the VPN?
Thanks
0
Question has a verified solution.
