This week’s post highlights some of the features and implementation specifics regarding the Datagram Transport Layer Service (DTLS) protocol used in Virtual Private Networks with the Cisco AnyConnect^® SSL client. I’ll provide some background as well as some screenshots and supported CLI commands.

Within a few years after Cisco acquired the original VPN Concentrator from Altiga Networks, a noted improvement was made in the way IPSec remote access VPN clients initiated connections. This improvement was named “Hybrid Mode Authentication” on the concentrator but is supported using the “Mutual Group Authentication” radio button on the connection entry screen on the Cisco IPSec client. We’ll briefly examine the motivation for this improvement, outline the mechanism and how it differs from the earlier “preshared key only” mode, and finally show where it’s configured on the ASA.

This article is the last in a three-part series that highlights some of the topics covered in the new Global Knowledge ASA Essentials class, an offering intended to provide the student key areas of interest for initially provisioning their security appliance. This article will focus on single sign-on (SSO) in Virtual Private Networks.

This post is the first in a three-part series that highlights some of the topics covered in the new Global Knowledge ASA Essentials class, an offering intended to provide the student the key areas of interest for initially provisioning their security appliance. This post focuses on high availability for VPN traffic.

This week’s post came at the (unknown to him!) encouragement from another Cisco instructor who mentioned that this product was available for download from Cisco Connection Online (CCO). The phrase in the title above “product for the future” is my own choice of words and certainly not any marketing language from Cisco Systems.

Windows NT 4.0 included an implementation of the Point to Point Tunneling Protocol (PPTP) for both the NT4 Workstation and NT4 Server products, with a client for Windows 95 OSR2, and PPTP is still supported in Windows and other operating systems. Virtual Private Networking (VPN) technologies have evolved since then. In fact, could they have […]

Back in September I wrote an post on Double Authentication in which I noted that I would elaborate on the HTTP Form Authentication method menu option at a later date. This post gives an overview of both its mechanism as well as its use by Cisco ASA security appliances. One reason why a network administrator […]

A relatively new feature on the Cisco Router IOS® (introduced in version 12.4(9)T) finally supports NAT transparency with IPSec VPNs using Tunnel Control Protocol (TCP). This option has long been available on the VPN concentrator platform and was first implemented on the ASA and PIX platforms in operating system version 7.0. This post highlights the […]

Many of the students that attend the Cisco MARS classes I teach must comply with an increasing number of regulations for security practices.  Not least among these is the set of requirements known as the Payment Card Industry Digital Security Standard (PCI DSS).  One such requirement in the newer version of this standard is referenced […]

Unified Communications (UC) systems have done a lot to enable teleworking.  While physically located at someone’s residence, an IP phone can be logically connected to the corporate network and therefore place and receive calls as it were in the office.  Some organizations are able to obtain quantity discounts which make it possible to have MPLS […]