Re: SSL VPN's

From: Armand D (ciscoworks2001@yahoo.com)
Date: Thu May 13 2004 - 18:56:31 GMT-3


Hi,

I'm wondering if anyone can give me a recommendation
of a mature SSL VPN appliance.

We currently own a Cisco 3060 VPN concentrator and are not
too excited about the WebVPN solution.

Any info would be appreciated.

Best Regards,

Armand

--- Rajagopal S <raj_ccie@yahoo.com> wrote:
> Great explanation Karl. I think we need to stick
> around with IPSEC clients till the SSL VPN's really
> give us a great advantage. Anyway we will have to
> try it once to be very sure of the feature. I'll
> test it and let you know more about this (if any !!)
>
> Thanks everyone for the URLs/posts given.
>
> Raj
>
> Karl Hsieh <chilins@seed.net.tw> wrote:
> Hello All,
> Well, Cisco is not an expert in SSL VPN. Therefore,
> what you read in the CCO
> gives you the impression that SSL VPN is not so good
> as IPSec VPN is.
> Besides, the WebVPN feature in the Concentrator is
> not very mature compared
> to that in other native SSL VPN vendors' appliances.
> But Cisco is an ambitious challenger in the area.
> Cisco, like Nortel, does a
> mixed-mode approach, i.e. SSL VPN and IPSec VPN in
> one box.
> Why is SSL VPN a trend? Cisco gives the answer. Last
> month, Cisco acquired
> another SSL VPN company TWINGO after F5 acquired
> URoam, Symantec acquired
> Safeweb and NetScreen, which was acquired by Juniper,
> acquired Neoteris.
>
> The features of SSL VPN can be divided into 3 main
> categories (all in one box):
> 1. Web-based application and "Network Neighborhood"
>    ----> true clientless VPN, which has the highest
>    level of application security; only the resources on
>    a specific web-based application are allowed.
>    ---> Cisco supports this mode, but there are
>    limitations as stated in their document.
> 2. Client/Server mode: native clients like MS Outlook
>    or Notes client can be used; almost all other
>    client/server applications are supported in this
>    mode. ----> Cisco has limited support of this mode.
> 3. SSL Tunnel mode: like IPSec VPN, the client will get
>    an IP from the SSL VPN appliance; all intranet
>    resources will be accessed like IPSec VPN.
>    ---> Cisco does not support this mode.
>
> Like IPSec VPN, the SSL tunnels from any client
> terminate on the SSL VPN
> appliance. The backend servers do not have to
> support SSL protocol.
> According to my experience, it is recommended that
> you try other vendors'
> products and you will get a better impression of this
> solution.
>
> HTH,
>
> Karl #12390
>
>
> ----- Original Message -----
> From:
> Sent: Tuesday, April 27, 2004 9:50 PM
> Subject: RE: SSL VPN's
>
>
> > Yes you are right
> >
> > If you ask me I don't prefer WebVPN compared to IPSec connection
> >
> > And also this solution has limited application support..
> >
> > Serkan Ustundag
> >
> > Network and Security Engineer
> >
> > CCNP,CCDP,CCSE
> >
> > CCSP (Cisco Certified Security Professional)
> >
> > Cisco Network Management Specialist
> > _____
> >
> > From: Richard Dumoulin [mailto:richard.dumoulin@vanco.es]
> > Sent: Tuesday, April 27, 2004 4:29 PM
> > To: Serkan Ustundag - (Güvenlik ve Ag Mühendisi -Tepum Secura);
> > h-tomikawa@syscomusa.com; istong@stong.org
> > Cc: raj_ccie@yahoo.com; Gabor.Gyori@lnx.hu; ccielab@groupstudy.com
> > Subject: RE: SSL VPN's
> >
> >
> > After quickly reading the introduction, it seems to me that this kind of
> > VPN is limited. Only SSL enabled servers are accessible from the client side.
> > Where is the advantage? Ah yes, that the client only needs a web browser. Is
> > that really an advantage? On the other hand you have to have SSL enabled
> > servers,
> >
> > --Richard
> >
> > -----Original Message-----
> > From: sustundag@secura.com.tr [mailto:sustundag@secura.com.tr]
> > Sent: Tuesday, April 27, 2004 14:59
> > To: h-tomikawa@syscomusa.com; istong@stong.org
> > Cc: raj_ccie@yahoo.com; Gabor.Gyori@lnx.hu; ccielab@groupstudy.com
> > Subject: RE: SSL VPN's
> >
> > http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00801f1dd5.html
> >
> > http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00801f1fb6.html
> >
> > These are all I could find
> >
> >
> >
> > Serkan Ustundag
> >
> > Network and Security Engineer
> > CCNP,CCDP,CCSE
> > CCSP (Cisco Certified Security Professional)
> > Cisco Network Management Specialist
> >
> > sustundag@secura.com.tr
> >
> > Secura is a TEPUM group company
> >
> > -----Original Message-----
> > From: Tomikawa [mailto:h-tomikawa@syscomusa.com]
> > Sent: Tuesday, April 27, 2004 3:39 PM
> > To: istong@stong.org
> > Cc: Rajagopal S; Győri Gábor; ccielab@groupstudy.com
> > Subject: Re: SSL VPN's
> >
> > I am also very interested in this topic.
> > As a matter of fact, there is an upcoming project which will require me to
> > install a concentrator using WebVPN (SSL). But I could find very few
> > resources from CCO.
> >
> > Does anyone know any URL which explains config example, etc...?
> >
> > Thanks
> >
> > istong@stong.org wrote:
> >
> > >HI Raj,
> > >
> > >With the concentrator you can set up rules/policies that will limit what
> > >your PC can get to. In your case you can have it so the PC can only
> > >access the one IP on your network.
> > >
> > >
> > >Ian
> > >http://www.CCIE4u.com
> > >CCIE Lab and Rack Rentals
> > >
> > >
> > >
> > >
> > >>Hello Gabor,
> > >>
> > >>Are you referring to the Firewall policy option of a VPN concentrator?
> > >>I think this works with VPN clients 3.5 and above. Can I block any
> > >>traffic flowing from my network to the client PC network too in this
> > >>case? I want the client PC to access only one
> > >>IP in my network. I need to block others. Is this
> > >>possible through this?
> > >>
>
=== message truncated ===




This archive was generated by hypermail 2.1.4 : Wed Jun 02 2004 - 11:12:11 GMT-3