PCI Compliance for DialUP VPN

Forum|Forum|7 years ago
July 31, 2018
1 reply
2558 views

Hi All,

we implemented a Dial-Up VPN solution with the following properties:

- IkeV1 Aggressive Mode, since the clients are connection from unknown peers

- XAUTH with external radius

It seems now that Aggressive Mode is not compliant with PCI, so we need to think some changes to apply. Main mode or Ikev2 are not suitables for our solution, since with Ikev2 the XAuth is not available and main mode does not apply with dynamics peer.

Could someone give me some suggestions on how to handle this problem?

Best regards,

Mauri

emnoc

New Member

You have your answer already, Using IKEv2 and EAP. As long as you stay with IKEv1 you are going to be aggressive mode.

The next option is to drop IPSEC and use SSL and issue certificate and enable TLSv1.2 support. You have to weigh the org needs and compatibility issues

Ken

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded