Re: SSL VPN over leased line???

Something like this is usually a business requirement not a technical one.
 I've seen companies that are required to encrypt all the data the goes
into a network they do not administer even if it goes over a leased line.
Also SSL vpn is usually browser based and clientless which some people may
find attractive. I have seen this alot actually.

From:
Samurai Jack <rs_at_resilient-consulting.com.au>
To:
ccielab_at_groupstudy.com
Date:
11/15/2009 03:03 AM
Subject:
SSL VPN over leased line???
Sent by:
<nobody_at_groupstudy.com>

Hello All,

I am looking at VPN access layer scenarios, and cant seem to get my head
around someone doing SSL VPN over a leased line..I mean why would someone
do
that? Before we get into "have you considered" here is what I did
consider:

1. Having a leased line connection into someone's infrastructure does not
mean traffic over that link is being encrypted. In order to do that, we
could simply do IPSec site to site VPN [let's say the IPSec platforms are
already in place]. To encrypt end to end [host to host],there is not much
that the network infrastructure can do, as this is upto the end hosts.

2. It might be difficult to get an internet connection somewhere [or maybe
a
lousy one], but the local telco could give you a leased line instead? Hard
to digest...

3. Maybe the requirement is to have a leased line, between the
two infrastructures instead of leveraging an internet connection due to
SLA
issues [internet = no SLA]. However that would be covered under point 1
above, and deploying a SSL VPN platform still wont provide an end to end
encryption between the hosts.

Have you folks ever come across a scenario of SSL VPN over a leased line,
and why would someone deploy this type of access model [leased line that
is]? Any pointers/experiences would be appreciated.

thanks in advance.

Al

Blogs and organic groups at http://www.ccie.net
Received on Sun Nov 15 2009 - 12:29:14 ART