Windows 2003 IAS and Cisco VPN Client

Hi everyone!

I have a question for the group and any response would be
appreciated...

I setup Windows 2003 IAS and Cisco VPN Client using PIX 515 and all
works great based on the document Cisco provided. However, I have a
security question:

The document states that Cisco VPN client will only support PAP or SPAP
without any encryption (tested it, it's true...). What does that mean
for security? Are the username and password being passed unencrypted?
The tunnel is already created using the vpngroup so I'm not very
sure... I could not find any good answers from Cisco or Microsoft and
was wondering if anyone found this answer...

Thank you all!

Tom

 

If I am not mistaken, the IPSec negotation and establish of an SA occur
before the username and password are passed from the client to the
server. Between the client and the PIX, then, the authentication
information is protected by the IPSec tunnel. Between the PIX and the
IAS server, however, the traffic is not protected--typically this is
not a concern since this should be a trusted network anyway.

HTH.