Security Basics mailing list archives
Re: SSL VPN
From: Albert Gonzalez <albertg () cerveau us>
Date: Wed, 16 Jan 2008 22:37:52 -0600
Lauren,In order for the client to be able to communicate with machines on the internal network, it as well has to have an IP from the company. SSL VPN's in my experience usually create a TUN/TAP device and tunnel are your traffic through it. Your client will receive (usually via dhcp) an IP within your endpoint.
Kartik,I personally like the SSL solutions that allow you to provide thin clients for the main applications the majority of your users use on a day to day basis.... s3270, Mail, Web, etc.... That way you won't have to provide remote desktop capabilities to the users and/or have pieces of software scattered everywhere. I run my SSL VPN through my ASA at home, but I don't notice the cpu utilization as my implementation is small. I have seen many folks implement openvpn and loving it.
Hope that helps. - Albert Malhoit, Lauren wrote:
Question about the SSL VPN implementation...I know that with traditional VPN's you end up taking an IP from the company. When you are using SSL VPN, do you keep your own IP from your ISP or do you still pick one up from the company? -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of TVB NOC Sent: Tuesday, January 15, 2008 12:04 PM To: Kartik; security-basics () securityfocus com Subject: RE: SSL VPN I would look towards the Citrix Access Gateway solution and placing iton the DMZ.If you are concerned about the utilization of the ASA, no matter what solution you implement you should consider placing the SSL device onyour DMZ and using NAT...Hope this helps...
--Success comes to the person who does today, what you are thinking of doing tomorrow.
Current thread:
- SSL VPN Kartik (Jan 15)
- RE: SSL VPN TVB NOC (Jan 15)
- RE: SSL VPN Malhoit, Lauren (Jan 15)
- RE: SSL VPN Paul Hosking (Jan 16)
- Re: SSL VPN Jurgen Vermeulen (Jan 16)
- Re: SSL VPN Albert Gonzalez (Jan 17)
- RE: SSL VPN Malhoit, Lauren (Jan 15)
- RE: SSL VPN m.farid.shawara (Jan 21)
- RE: SSL VPN TVB NOC (Jan 15)
- Re: SSL VPN Tremaine Lea (Jan 15)
- Re: SSL VPN Jason Thompson (Jan 15)
- RE: SSL VPN Alex (Jan 15)
- Re: SSL VPN Ivan . (Jan 16)
- Re: SSL VPN mgk.mailing (Jan 17)
- Re: SSL VPN Edy Lie (Jan 17)
- Re: SSL VPN Jason Thompson (Jan 15)