Best VPN Appliance

Blomberg, Orin P (DOH) Orin.Blomberg at DOH.WA.GOV
Mon Mar 8 19:37:02 UTC 2010


There is also the fact to consider that Cisco has said there will be no
support for Windows 64-bit on their IPSEC client, they are pushing
people to the AnyConnect (An SSL-based clientless IPSEC) who want to use
Windows 64-bit or other OSs, so in the future the argument for having a
separate box for client-based IPSEC will be moot.

Orin

-----Original Message-----
From: Stefan Fouant [mailto:sfouant at shortestpathfirst.net] 
Sent: Monday, March 08, 2010 11:29 AM
To: Voll, Toivo; Chris Campbell; Dawood Iqbal
Cc: nanog at nanog.org
Subject: Re: Best VPN Appliance

Toivo,

The SA Series absolutely supports IPsec if you are using Network
Connect.  It defaults to using IPsec and if that is not supported then
it will fall back to SSL.  Of course, NC is not as secure as W-SAM,
J-SAM, or Core Access in terms of role and resource granularity control
but the support for IPsec is absolutely there.

HTHs.

Stefan Fouant
------Original Message------
From: Voll, Toivo
To: Chris Campbell
To: Dawood Iqbal
Cc: nanog at nanog.org
Subject: RE: Best VPN Appliance
Sent: Mar 8, 2010 11:56 AM

We're generally happy with our Juniper SA6500s, but they, and a lot of
the other SSL VPN vendor appliances will not support IPSec. Cisco's ASA
does, but it's less feature-rich in the SSL VPN arena. The Juniper was
the most mature and flexible of all the offerings we looked at, but also
the most expensive, and it's not perfect either.

Having migrated from Cisco's 3000 series appliances, the current SSL
VPNs are a totally different mindset and about two orders of magnitude
more complicated. Have a very good understanding of exactly what problem
you're trying to solve with the product and what kind of policies and
requirements you have to meet, or it's going to be a mess. I can answer
more specific questions on our experiences and testing off-list.

--
Toivo Voll
University of South Florida
Information Technology Communications




-----Original Message-----
From: Chris Campbell [mailto:Chris.Campbell at nebulassolutions.com] 
Sent: Friday, March 05, 2010 11:36 AM
To: Dawood Iqbal
Cc: nanog at nanog.org
Subject: Re: Best VPN Appliance

The Juniper SA is by far and away the market leader and in my opinion
the best end user experience.

On 5 Mar 2010, at 15:57, Dawood Iqbal wrote:

> Hello All,
> 
> 
> 
> Is it possible to get your ideas on what VPN appliances are good to
have in
> enterprise network?
> 
> 
> 
> Requirements are;
> 
> SSL
> 
> IPSec
> 
> Client and Web VPN support (Win/MAC/iPhone/Android)
> 
> If webvpn is used, then when any user connects via webvpn, we should
be able
> to re-direct him to any and ONLY specific application i.e SAP.
> 
> If 2 boxes are installed then they should replicate data seamlessly.
> 
> 
> 
> 
> 
> Regards,
> 
> dI
> 




Sent from my Verizon Wireless BlackBerry




More information about the NANOG mailing list