Re: SSL VPN

["Patrick Beam" <patrick.beam () gmail com>]

It really sounds like cost is a big factor in your decision.  I would
personally stick with an IPSEC VPN on a cisco device.  Be it a PIX 515
or a newer ASA device.  By using IPSEC you are going to save a ton of
money because with cisco and all of the other vendors you are going to
pay per user for SSL.  If you manage the machines the users are
connecting with then there shouldn't be any problem getting that ipsec
client installed.  As well I think IPSEC has much less administrative
over head.

On Jan 17, 2008 10:46 AM, Jurgen Vermeulen <jurgen () vermeulen-debondt be> wrote:
> Chad Loder wrote:
> > My whole point is that IPSEC does not require a client. So what
> > are the *other* reasons for wanting to move to an SSL VPN?
> The most important argument being you can use it from almost anywhere.
> An IPSEC implementation needs the correct ports opened at firewall level
> (not even mentioning PPTP and NAT), while an SSL works almost everywhere
> where you can surf. You can get access from any cyber cafe if you want to.
>
> I for one am frequently at a customer's site. I've got both a
> SecureClient and Juniper SSL access. In case you're allowed to plug your
> laptop into the customer's network (which doesn't happen often and is
> understandable), you mostly don't have the option to connect your IPSEC
> VPN, but https access is normally not a problem in this case. If you
> can't connect your pc, you setup your VPN from a pc of the customer to
> check your mails, which you can't do with your IPSEC VPN.
>
> Grtz,
> Jurgen