From: MMoniz (ccie2002@tampabay.rr.com)
Date: Thu May 13 2004 - 19:14:33 GMT-3
Armand, I understand what you mean. We have 3030's and I wasn't too
impressed yet either. However, a colleague at work was talking to a Cisco
DE, (through TAC) for the VPN products and he basically told us they will be
improving the capabilities pretty rapidly.
Since you already have the 3060's you may just want to wait it out for a
little while and see what happens, if that
is viable.
One bug that basically stopped us from deploying it to users is that you
can't delete messages through Web Outlook.
That is one of our primary reasons for wanting to deploy it.
mike
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Armand D
Sent: Thursday, May 13, 2004 5:57 PM
To: Rajagopal S; Karl Hsieh
Cc: ccielab@groupstudy.com
Subject: Re: SSL VPN's
Hi,
I'm wondering if anyone can give me a recommendation
of a mature SSL VPN appliance.
We curretnly own a cisco 3060 VPN concntrator and not
too excited about the WebVPN solution.
Any info would be appriciated.
Best Regards,
Armand
--- Rajagopal S <raj_ccie@yahoo.com> wrote: > Great
explanation karl. I think we need to stick
> around with IPSEC clients till the SSL VPN's really
> give us a great advantage. Anyway we will have to
> try it once to be very sure of the feature. I'll
> test it and let you more about this (if any !!)
>
> Thanks everyone for the URLs/posts given.
>
> Raj
>
> Karl Hsieh <chilins@seed.net.tw> wrote:
> Hello All,
> Well, Cisco is not an expert in SSL VPN. Therefore,
> what you read in the CCO
> gives you the impression that SSL VPN is not so good
> as IPSec VPN is.
> Besides, the WebVPN feature in the Concentrator is
> not very mature comparing
> to that in other native SSL VPN vendors' appliance.
> But Cisco is an ambitious challenger in the area.
> Cisco, like Nortel, does a
> mixed-mode approach, i.e. SSL VPN and IPSec VPN in
> one box.
> Why is SSL VPN a trend? Cisco gives the answer. Last
> month, Cisco acquired
> another SSL VPN company TWINGO after F5 acquired
> URoam, Symantec acquired
> Safeweb and NetScreen that is acquired by Juniper
> acquired Neoteris.
>
> The features of SSL VPN can be devided to 3 main
> categories(all in one box):
> 1. Web-based application and "Network
> Neighborhood"----> true clientless VPN
> which has a highest level application security; only
> the resoures on a
> specific web-based application is allowed. --->Cisco
> supports this mode, but
> there are limitation as stated in their document.
> 2. Client/Server mode: native client like MS Outlook
> or Notes client can be
> used; almost all other client/server applications
> are supported in this
> mode. ---->Cisco has limited support of this mode.
> 3. SSL Tunnel mode: like IPSec VPN, client will get
> an IP from the SSL VPN
> appliance; all intranet resources will be accessed
> like IPSec VPN.--->Cisco
> does not support this mode.
>
> Like IPSec VPN, the SSL tunnels from any client
> terminate on the SSL VPN
> appliance. The backend servers do not have to
> support SSL protocol.
> According to my experience, it is recommended that
> you tried other vendors
> product and you will get a better impression on this
> solution.
>
> HTH,
>
> Karl #12390
>
>
> ----- Original Message -----
> From:
> Sent: Tuesday, April 27, 2004 9:50 PM
> Subject: RE: SSL VPN's
>
>
> > Yes you are right
> >
> > If you ask me I don't prefer WebVPN comparing
> IPSec connection
> >
> > And also this solution is limited application
> support..
> >
> > Serkan Ustundag
>
> > Network and Security Engineer
> >
> > CCNP,CCDP,CCSE
> >
> > CCSP (Cisco Certified Security Professional)
> >
> > Cisco Network Management Specialist
> > _____
> >
> > From: Richard Dumoulin
> [mailto:richard.dumoulin@vanco.es]
> > Sent: Tuesday, April 27, 2004 4:29 PM
> > To: Serkan Ustundag - (G|venlik ve Ag M|hendisi
> -Tepum Secura);
> > h-tomikawa@syscomusa.com; istong@stong.org
> > Cc: raj_ccie@yahoo.com; Gabor.Gyori@lnx.hu;
> ccielab@groupstudy.com
> > Subject: RE: SSL VPN's
> >
> >
> > After quickly reading the introduction, it seems
> to me that this kind of
> vpn
> > is limited. Only ssl enabled servers are
> accessible from the client side.
> > Where is the advantage ? Ah yes, that the client
> only needs a web
> browser. Is
> > that really an advantage ? On the other hand you
> have to have ssl enabled
> > servers,
> >
> > --Richard
> >
> > -----Original Message-----
> > From: sustundag@secura.com.tr
> [mailto:sustundag@secura.com.tr]
> > Sent: martes, 27 de abril de 2004 14:59
> > To: h-tomikawa@syscomusa.com; istong@stong.org
> > Cc: raj_ccie@yahoo.com; Gabor.Gyori@lnx.hu;
> ccielab@groupstudy.com
> > Subject: RE: SSL VPN's
> >
> >
> >
> >
>
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration
_
> > guide_chapter09186a00801f1dd5.html
> >
> >
>
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration
_
> > guide_chapter09186a00801f1fb6.html
> >
> > These are all I could find
> >
> >
> >
> > Serkan Ustundag
> >
> > Network and Security Engineer
> > CCNP,CCDP,CCSE
> > CCSP (Cisco Certified Security Professional)
> > Cisco Network Management Specialist
> >
> > sustundag@secura.com.tr
> >
> > Secura bir TEPUM grup sirketidir
> >
> > -----Original Message-----
> > From: Tomikawa [mailto:h-tomikawa@syscomusa.com]
> > Sent: Tuesday, April 27, 2004 3:39 PM
> > To: istong@stong.org
> > Cc: Rajagopal S; Gyo~ri Ga'bor;
> ccielab@groupstudy.com
> > Subject: Re: SSL VPN's
> >
> > I am also very interested in this topic.
> > As matter of fact, there is upcoming project which
> will required me to
> install
> > a concentrator using WebVPN(SSL). But, I could
> find very little resourses
> from
> > CCO.
> >
> > Does anyone know any URL which explains config
> example, etc...?
> >
> > Thanks
> >
> > istong@stong.org wrote:
> >
> > >HI Raj,
> > >
> > >With the concentrator you can setup
> rules/policies that will limit what
> > >your PC can get to. In your case you can have it
> so the PC can only
> > >access the one IP on your network.
> > >
> > >
> > >Ian
> > >http://www.CCIE4u.com
> > >CCIE Lab and Rack Rentals
> > >
> > >
> > >
> > >
> > >>Hello Gabor,
> > >>
> > >>Are you refering to the Firewall policy option
> of a VPN concentrator ?
> > >>I think this works with VPN clients 3.5 and
> above. can i block any
> > >>traffic flowing from my network to the client PC
> network too in this
> > >>case ? I want the client PC to access only one
> > >> IP in my network. I need to block others. is
> this
> > >>possible through this ?
> > >>
>
=== message truncated ===
Find local movie times and trailers on Yahoo! Movies.
http://au.movies.yahoo.com
This archive was generated by hypermail 2.1.4 : Wed Jun 02 2004 - 11:12:11 GMT-3