• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 858
  • Last Modified:

Is CISCO ASA webvpn secure?

I'm considering allowing my users remote access to exchange webmail and the intranet via the webvpn feature on the Cisco ASA.  I propose to set up the webvpn to allow http access only, whilst user authentication will be against our AD.

Can anyone advise if there are any pitfalls or security risks to consider in doing this?

Any advice, thoughts, comments most welcome, cheers.
0
stemc
Asked:
stemc
1 Solution
 
bignewfCommented:
Cisco ASA Web VPN has known vulnerabilites, which I provided additional links below.

If you are deploying this, then make sure you employ certificates as well as RADIUS authentication for Active Directory.

http://www.securiteam.com/securitynews/5PP0620PFI.html
http://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml

Depending on the nature of your security requirements, you might want to deploy the Remote access vpn client with RSA SEcure ID

Again, certificates + an AAA server increase your security than out of the box default configurations
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

Tackle projects and never again get stuck behind a technical roadblock.
Join Now