• Status: Solved

Cisco VPN Question

We have a Cisco ASA that manages the VPN tunnels. The clients connect with Cisco VPN Client 5.0. I know the VPN profile password is encrypted. I wanted to find out whether, if the user is on an unsecured wireless network or some type of hotspot, their user name and password are also encrypted.

I would think it is; I just want to verify that. It uses ACS to authenticate to the domain when they log in through the VPN.

1 Solution
I'm nearly certain that it is encrypted as well, as the wireless connection has nothing to do with the VPN tunnel.
amendez2 (Author) commented:
Yeah, I know the wireless is separate from the VPN tunnel; maybe I worded the question wrong.

If there is someone else on the unsecured wireless, or secure wireless for that matter, can they run some type of packet sniffer to grab the user credentials for the VPN?
Absolutely not. Even if the wireless connection itself is open with no encryption, the VPN pre-shared key exchange uses an encrypted hash of the pre-shared key, not the key itself, and a secure encrypted tunnel is established, then the username/password prompt appears, and that username/password is sent within the encrypted tunnel. Once authenticated, the tunnel is open for traffic. The only thing that can be seen/captured off the air is encrypted ISAKMP/udp4500 traffic that cannot be decrypted.
Remember, too, that the Cisco VPN client has a built-in personal firewall while connected, and you can control the firewall rules from the ASA side.
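
To check the sequence described in the answer against a capture from your own client, the added example below (not part of the original thread) parses the ISAKMP header of each UDP 500/4500 payload and flags any XAUTH exchange sent without the header's encryption bit. It assumes XAUTH travels in ISAKMP exchange type 6 (Transaction), as in the XAUTH/Mode Config drafts; the packets in `SAMPLE` are constructed test data, and `build` is a hypothetical helper that creates them.

```python
import struct

FLAG_ENCRYPTED = 0x01  # bit 0 of the ISAKMP header flags byte (RFC 2408)
EXCHANGES = {2: "main mode", 4: "aggressive mode", 5: "informational",
             6: "transaction (XAUTH / mode config)", 32: "quick mode"}

def classify(payload, port):
    """Describe one UDP payload seen on port 500 or 4500."""
    if port == 4500:
        if payload == b"\xff":
            return {"kind": "nat-keepalive"}
        if payload[:4] != b"\x00" * 4:       # non-zero SPI means ESP-in-UDP
            return {"kind": "esp", "encrypted": True}
        payload = payload[4:]                # drop the non-ESP marker (RFC 3948)
    if len(payload) < 28:
        return {"kind": "malformed"}
    # Skip both cookies, next-payload and version; read type, flags, id, length.
    xchg, flags, _msgid, length = struct.unpack("!16x2xBBII", payload[:28])
    if length != len(payload):
        return {"kind": "malformed"}
    return {"kind": "isakmp", "exchange": EXCHANGES.get(xchg, f"type {xchg}"),
            "xchg": xchg, "encrypted": bool(flags & FLAG_ENCRYPTED)}

def cleartext_xauth(packets):
    """Indexes of transaction-exchange packets sent without the encryption flag."""
    hits = []
    for i, (port, payload) in enumerate(packets):
        info = classify(payload, port)
        if info["kind"] == "isakmp" and info["xchg"] == 6 and not info["encrypted"]:
            hits.append(i)
    return hits

def build(xchg, flags, body=b"", natt=True):
    """Construct a sample ISAKMP message (test data only, not a real capture)."""
    hdr = struct.pack("!8s8sBBBBII", b"I" * 8, b"R" * 8, 1, 0x10, xchg, flags,
                      0, 28 + len(body))
    return (4500 if natt else 500, (b"\x00" * 4 if natt else b"") + hdr + body)

SAMPLE = [
    build(2, 0, b"\x00" * 20, natt=False),       # phase 1 negotiation, flag clear
    build(2, 1, b"\xaa" * 32),                   # phase 1 identity/auth, encrypted
    build(6, 1, b"\xbb" * 48),                   # XAUTH username/password exchange
    build(32, 1, b"\xcc" * 64),                  # phase 2 quick mode
    (4500, b"\x12\x34\x56\x78" + b"\xdd" * 40),  # ESP-in-UDP data traffic
]

if __name__ == "__main__":
    for port, payload in SAMPLE:
        print(port, classify(payload, port))
    print("cleartext XAUTH packets:", cleartext_xauth(SAMPLE))
```

The flag only records that the sender marked the payload as encrypted; the check confirms the ordering of the exchange, not the strength of the negotiated cipher.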

