# SSL VPN within site to site IPsec tunnel



## Osaid (May 16, 2012)

Dear Colleagues, 
We have a site-to-site IPsec VPN (using an FG 310 in site A and a Cisco router in site B; IPsec tunnel between the 2 sites).
The clients in site B reach and use services in site A (by using policies in the FG).
We need to protect our services in site A with 2 factor authentication; the 2 factor authentication is supported by SSL VPN.
The question is: is there a possibility for the clients in site B to create an SSL VPN tunnel (they already have the IPsec tunnel), to force them to use the 2 factor authentication that is supported by SSL VPN?
Please advise us.

With Thanks..


----------



## AA1TECH (Nov 23, 2010)

I think we need a bit of clarification as to what you're trying to do... 2 factor authentication is defined by implementing two of three of the following:

1) Something a user knows (uid/pw, pin, security questions, etc. etc.)
2) Something a user has (smart card, phone # in smart phone, usb special dongle, etc.)
3) Something a user is (fingerprint readers, other biometric devices, face recognition on the new smart phones)

If you have to implement 2FA it really doesn't depend on transport, that's independent and of course required in the case of a VPN.

ATMs do 2FA all the time, you have a debit card (something you have), and still have to type a pin # (something you know)... 2FA complete, doesn't matter how the ATM is communicating back to the bank (although obviously it's secure).


----------



## AA1TECH (Nov 23, 2010)

I have reread this a couple of times, and I should have gone to bed an hour ago, so chalk it up to blurry eyes :facepalm:... it appears you already have the 2FA solution, but it's implemented using SSL. The quick answer is yes, you need an SSL VPN client at site B (lots of them out there), and an SSL tunnel-termination gateway at site A. The routers will just see SSL on port 443 and process it. Google "SSL tunnel-termination gateway" and I think you will find what you need. Now I'm going to bed...


----------

