Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
SSL VPN
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
SSL VPN - 14.Sep.2004 8:31:00 PM
|
|
|
Guest
|
ISA 2004 should included SSL VPN capabilities similar to Netscreen, Whale and the Symantec SSL VPN appliances.
|
|
|
|
|
RE: SSL VPN - 15.Sep.2004 4:13:00 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Oboy,
What features do you get from an SSL VPN that the ISA firewall's one of kind VPN server doesn't provide you?
I'm just wondering if the new ISA firewall actually provides what you need, but you don't know it yet.
Thanks!
Tom
|
|
|
|
|
RE: SSL VPN - 16.Sep.2004 9:18:00 PM
|
|
|
Guest
|
Tom,
Thanks for the reply. I am not sure if you are familiar with the feature set that the Netscreen SSL VPN appliance has, but that is basically what we are looking for.
-End User access thru a web browser to network applications and resources.
-No end user software installation
-Ability to check client PCÆs for Virus defÆs, patches and other security items and provide client access types based on PCÆs security level.
- End user cache cleaning at session end
- Web interface for client connections that is customizable per client or client group
|
|
|
|
|
RE: SSL VPN - 17.Sep.2004 4:03:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Oboy,
Great! Do you want file share type access, or specific applications, such as OWA, OMA, ActiveSync or RDP over SSL?
Also, how much do they charge this solution?
Thanks!
Tom
|
|
|
|
|
RE: SSL VPN - 17.Sep.2004 3:57:00 PM
|
|
|
Guest
|
With an SSL VPN client a user should be able to access network resources similar to a IPSec client. So they would have network layer acecss, access to application and files. The Netscreen/juniper solution is very expensive, so we are looking for other options. The Citrix secure gatway product has given us a lot of the functionality we need and I will be implementing exchange 2003 this week so that we can take advantage of the new owa, active sync over SSL. I belive that ISA server can be used similar to a front end exchange server, so we will probably head in that direction for now. I should be ready to upgrade our ISA 2000 server to 2004 in the next month or so.
|
|
|
|
|
RE: SSL VPN - 17.Sep.2004 6:29:00 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hey guys,
it is already some time ago I looked at the SSL VPN solutions and my conclusion was then that they are very expensive and not so client-less as they advertise.
I've no detailed info about the Netscreen solution - you can't download the administrator or user guide for free ![[Frown]](/image/smiles/frown.gif) - but if I'm well informed it is based on the Neoteris solution. In general, I think you should differentiate the purpose of the SSL VPN solutions against which type of application you want to use.
For web based applications I believe that ISA can do the same, maybe even better in combination with a Sharepoint Portal server. However, one thing that could be useful in the ISA context is the enforcement of the endpoint security, but that's not specific to SSL VPN.
For other types of applications (client/server) the SSL VPN must install some redirector software on the client to intercept the applications winsock requests. So, that's far from being a client-less solution. ![[Razz]](/image/smiles/tongue.gif)
The argument they often use against an IPSec based VPN solution doesn't hold true either. I agree that if you have to use a third-party IPSec client, then the SSL VPN 'sounds' easy, but if you use the build-in L2TP/IPSec client in Win2K and WinXP, I don't think it can be much easier.
Just some thoughts,
Stefaan
|
|
|
|
|
RE: SSL VPN - 19.Sep.2004 9:24:00 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Stefaan,
Very good! I had the impression from my own research of so-called "SSL VPN" solutions that they indeed were not clientless, and that they introduced layer service providers that would have the potential to break the client's TCP/IP stack. Is that your impression as well?
I agree that the built-in PPTP and L2TP/IPSec client makes it very easy to use VPN and when paired together with the ISA 2004 firewall's very strong user/group based access control and stateful application layer filtering for VPN connections, the level of security and ease of use is better, and certainly less expensive, than a dedicated "SSL VPN" solution.
Thanks!
Tom
|
|
|
|
|
RE: SSL VPN - 20.Sep.2004 4:19:00 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Stefaan,
Ouch! It seems that SSL VPNs could pose a significant security risk just by virtue of their implementation.
Then again, I don't think anyone rolls out an "SSL VPN" for security reasons -- they do it for ease of use and simplicity.
Thanks!
Tom
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
