Security Basics mailing list archives

Re: SSL VPN


From: Albert Gonzalez <albertg () cerveau us>
Date: Wed, 16 Jan 2008 22:37:52 -0600

Lauren,

In order for the client to be able to communicate with machines on the internal network, it also has to have an IP from the company. SSL VPNs in my experience usually create a TUN/TAP device and tunnel all your traffic through it. Your client will receive (usually via DHCP) an IP within your endpoint.

Kartik,

I personally like the SSL solutions that allow you to provide thin clients for the main applications the majority of your users use on a day-to-day basis... s3270, Mail, Web, etc. That way you won't have to provide remote desktop capabilities to the users and/or have pieces of software scattered everywhere. I run my SSL VPN through my ASA at home, but I don't notice the CPU utilization as my implementation is small. I have seen many folks implement OpenVPN and love it.

Hope that helps.

- Albert

Malhoit, Lauren wrote:
Question about the SSL VPN implementation...I know that with traditional
VPNs you end up taking an IP from the company.  When you are using SSL
VPN, do you keep your own IP from your ISP or do you still pick one up
from the company?

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of TVB NOC
Sent: Tuesday, January 15, 2008 12:04 PM
To: Kartik; security-basics () securityfocus com
Subject: RE: SSL VPN

I would look towards the Citrix Access Gateway solution and placing it
on the DMZ.
If you are concerned about the utilization of the ASA, no matter what
solution you implement you should consider placing the SSL device on
your DMZ and using NAT...
Hope this helps...


--
Success comes to the person who does today, what you are thinking of doing tomorrow.

