Educause Security Discussion mailing list archives
Re: Cisco VPN concentrator Replacement Recommendation Needed
From: "Jenkins, Matthew" <matthew.jenkins () FAIRMONTSTATE EDU>
Date: Mon, 24 Mar 2008 11:49:49 -0400
The Cisco ASA does a good job at remote IPSEC VPN. We have a 5510 running anywhere from 20-100 concurrent connections. Getting it to authenticate against MS AD via LDAP so that we could assign users to tunnels based on AD group membership was a bit of a trick but we were able to do it. We also use it with RSA SecurID (RADIUS) and have no issues. I have not implemented SSL yet but have seen it run several years ago and it was pretty nice. We also have a 5540 running sometimes over 100 concurrent connections + firewalling our wireless with the remote IPSEC and you can't tell the load by looking at the CPU and memory use. The ASAs for us have been very stable and robust. Matt Matthew Jenkins Network/Server Administrator Fairmont State University 304.367.4955 Visit us online at www.fairmontstate.edu <http://www.fairmontstate.edu/> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of schilling Sent: Monday, March 24, 2008 10:58 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Cisco VPN concentrator Replacement Recommendation Needed Hi all, We are considering replacing our current VPN concentrator since it's EOL. Now our main consideration is either Cisco ASA5520/ASA5540 or Juniper SA2000/SA4000. Our Core network is Cisco centric for now, the VPN is primarily IPSec remote access with few site-to-site tunnels. We would like to use SSL VPN for the future. We did some evaluation last year on Juniper SA2000, it's really impressive in terms of Role Mapping with LDAP authentication(We have campus wide iPlanet LDAP infrastructure). Would you kindly share your thoughts on the VPN solutions? Thanks. Sincerely, Schilling
Current thread:
- Cisco VPN concentrator Replacement Recommendation Needed schilling (Mar 24)
- <Possible follow-ups>
- Re: Cisco VPN concentrator Replacement Recommendation Needed Consolvo, Corbett D (Mar 24)
- Re: Cisco VPN concentrator Replacement Recommendation Needed Julian Y. Koh (Mar 24)
- Re: Cisco VPN concentrator Replacement Recommendation Needed Jenkins, Matthew (Mar 24)
- Re: Cisco VPN concentrator Replacement Recommendation Needed Avdagic, Indir (Mar 24)
- Re: Cisco VPN concentrator Replacement Recommendation Needed Brock, Anthony - NET (Mar 24)
- Re: Cisco VPN concentrator Replacement Recommendation Needed Russ Leathe (Mar 24)
- Re: Cisco VPN concentrator Replacement Recommendation Needed schilling (Mar 24)