Re: SSL VPN over leased line???

I'd second this. We have a partner stock exchange in Germany which requites
running IPSec VPN client over ISDN towards test bed markets. And only
"client" so we had some rough times persuading them to allow us to store
passwords on our side to be able to smoothly run EZVPN on a router and
benefit from direct development servers connection rather than using quite
slow SSH tunnelling via intermediate PC with IPSec VPN client software. So
those business requirements may be quite odd sometimes. :-)

A.

2009/11/16 <Keegan.Holley_at_sungard.com>

> Something like this is usually a business requirement not a technical one.
> I've seen companies that are required to encrypt all the data the goes
> into a network they do not administer even if it goes over a leased line.
> Also SSL vpn is usually browser based and clientless which some people may
> find attractive. I have seen this alot actually.
>
>
>
>
> From:
> Samurai Jack <rs_at_resilient-consulting.com.au>
> To:
> ccielab_at_groupstudy.com
> Date:
> 11/15/2009 03:03 AM
> Subject:
> SSL VPN over leased line???
> Sent by:
> <nobody_at_groupstudy.com>
>
>
>
> Hello All,
>
> I am looking at VPN access layer scenarios, and cant seem to get my head
> around someone doing SSL VPN over a leased line..I mean why would someone
> do
> that? Before we get into "have you considered" here is what I did
> consider:
>
> 1. Having a leased line connection into someone's infrastructure does not
> mean traffic over that link is being encrypted. In order to do that, we
> could simply do IPSec site to site VPN [let's say the IPSec platforms are
> already in place]. To encrypt end to end [host to host],there is not much
> that the network infrastructure can do, as this is upto the end hosts.
>
> 2. It might be difficult to get an internet connection somewhere [or maybe
> a
> lousy one], but the local telco could give you a leased line instead? Hard
> to digest...
>
> 3. Maybe the requirement is to have a leased line, between the
> two infrastructures instead of leveraging an internet connection due to
> SLA
> issues [internet = no SLA]. However that would be covered under point 1
> above, and deploying a SSL VPN platform still wont provide an end to end
> encryption between the hosts.
>
> Have you folks ever come across a scenario of SSL VPN over a leased line,
> and why would someone deploy this type of access model [leased line that
> is]? Any pointers/experiences would be appreciated.
>
> thanks in advance.
>
> Al
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Mon Nov 16 2009 - 09:25:19 ART