USB Keys and Cisco VPN Concentrator / Cisco VPN Client ?

USB Keys and Cisco VPN Concentrator / Cisco VPN Client ?

Post by TechGu » Sat, 22 Oct 2005 02:03:31

I am aware of various USB type keys that work in conjunction with the
Cisco VPN client and the Cisco VPN concentrator for added security.

The two that come to mind are:

Aladdin eToken

Can anyone think of and recommend any others ? Looking to evaluate
various ones out there.

Anyone know of anything along these lines but that also contain the
Cisco VPN client? The idea being user has a USB key, that they can
plug into any internet accessible windows pc, and launch the client
from the key rather then having to install and setup the Cisco VPN
client. Just trying to get a better feel of what is out there.

Thanks in advance for any suggestions or comments?

USB Keys and Cisco VPN Concentrator / Cisco VPN Client ?

Post by Martin Bil » Sat, 22 Oct 2005 04:27:26

You will need admin-rights or rights to install sw, inorder to do what you
This is also true if you consider WebVPN/SSL VPN/SecureDesktop features of
the VPN3000's

An other setup is to use Citrix Metaframe/SecureGateway and/or have the
VPN3000 Frontend this.

I do not know of any other OTP tokens, and OTP is what you want thats for

Martin Bilgrav


USB Keys and Cisco VPN Concentrator / Cisco VPN Client ?

Post by owen.nic » Wed, 26 Oct 2005 00:40:07


You can run the WiKID token on any USB device. Since the WiKID client
uses asymmetric cryptography instead of a shared secret, there is no
need to assign a particular token to each user. The keys are generated
on the device and a key pair swap is performed as part of the
registration process which can be automated using AD credentials on
your LAN with the ASP scripts we provide.

So you could put the Cisco VPN client and the WiKID token onto a USB
drive and hand them out like candy. Then direct the users to the ASP
scripts on your LAN and have them set up their tokens.

I like the idea of having the token and the VPN client on the same USB
token. I wonder if there are security risks though of allowing the
users to use any windows pc. They could plug into a malicious machine.
BTW, with the WiKID J2SE client, you can use Mac and Linux too and each
user could have more than one token.