Educause Security Discussion mailing list archives
Re: Campus VPN Services
From: Michael Sinatra <michael () RANCID BERKELEY EDU>
Date: Thu, 21 Aug 2003 09:55:14 -0700
On Wed, 20 Aug 2003, Mike Iglesias wrote:
We're planning to complete our study, but at present a solution based on a mainstram (let's call it brand 'C') VPN concentrator looks appealing, for the following reasons, among others:We are using brand 'C', and require everyone to use the brand 'C' clients. We support clients for Windows, Mac OS X, and Linux. That takes care of almost all the users that need to use it. We've had a few requests for a client for Mac OS 9, but that's $120 per client so most people say forget it. We have people using it for bypassing the NetBIOS blocks at the campus border router, and to access off-campus resources that limit access to campus IP addresses. Our concentrator can handle up to 5000 concurrent sessions, but so far it hasn't gone above about 130. We've had it in place since early November. We have two configurations setup, one that routes only the traffic headed for campus to the VPN and one that routes all traffic thru the VPN - the latter is used primarily for accessing the off-campus resources mentioned above. It's pretty easy to include the prebuilt configuration files with the brand 'C' clients, so our users just have to install the software packages that we built with the config files and they're ready to go.
We're looking at brand C also, largely following Mike's lead at UCI. So far things are working out fairly well (although we've had a few issues installing the client on ancient windows laptops). One annoying thing is that the brand C VPN concentrator doesn't use the same OS as brand C's other products (like their routers for example). The CLI on the concentrator is a bit clunky, too, and the documentation is way below brand C's usually high standards. I know that brand C makes VPN modules for their routers, which can be configured to provide services for the same clients as the concentrator. Has anyone had experiences with this? According to our brand C rep, the performance specs on the router modules is actually higher than that of the concentrator, but I don't think we'll have many more than a couple hundred sessions at a time. Since we have the concentrator working, we might just stick with that, but it would be nice to be able to configure a VPN using a more standard brand C OS. michael ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Campus VPN Services Angel L Cruz (Aug 20)
- <Possible follow-ups>
- Re: Campus VPN Services Gary Dobbins (Aug 20)
- Re: Campus VPN Services Mike Iglesias (Aug 20)
- Re: Campus VPN Services Mark Poepping (Aug 20)
- Re: Campus VPN Services Mike Iglesias (Aug 20)
- Re: Campus VPN Services Mark Poepping (Aug 20)
- Re: Campus VPN Services Michael Sinatra (Aug 21)
- Re: Campus VPN Services Mike Iglesias (Aug 21)
- Re: Campus VPN Services Matthew Keller (Aug 21)
- Re: Campus VPN Services H. Morrow Long (Aug 21)
- Re: Campus VPN Services Mark Poepping (Aug 22)
- Re: Campus VPN Services Mike Iglesias (Aug 22)
- Re: Campus VPN Services H. Morrow Long (Aug 22)
- Re: Campus VPN Services H. Morrow Long (Aug 22)