No announcement yet.

Connecting to VPN before logging into domain

  • Filter
  • Time
  • Show
Clear All
new posts

  • Connecting to VPN before logging into domain

    I would like to make it so that before users log into the domain, their laptops, if possible, connect to the VPN. This will mean we can use two factor authentication, correctly map their drives and folder redirection, etc.
    Has anybody done this before?



  • #2
    Re: Connecting to VPN before logging into domain

    At my previous employer, one of our customers had this arrangement. They were using a SecurID "Soft Token" which is like a key-fob token which appears on your laptop screen instead of on a physical key-fob. This would appear as soon as the laptop booted along with the VPN client. You would type your PIN into the token which would "Hash" the value on the display, and then the resulting hashed value was used as the user's password. The token's server component on the RSA ACE server would authenticate the token value against the user's token and allow access to the network. The user would then log into their laptop as if they were on the Corporate LAN.

    They were using the latest Cisco VPN Client, a PIX Firewall and as I said RSA SecurID Soft Tokens with an ACE/ACS Server authenticating them.

    Hope this helps...

    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you


    • #3
      Re: Connecting to VPN before logging into domain

      It does seem I'm going to have to use a cisco solution, and set up a Radius server.
      I've already got a pix 515 in place, but I don't think this will be fun. Here goes anyway.