Educause Security Discussion mailing list archives
Re: Campus VPN Services
From: Mike Iglesias <iglesias () DRACO ACS UCI EDU>
Date: Wed, 20 Aug 2003 17:20:29 -0700
We're planning to complete our study, but at present a solution based on a mainstram (let's call it brand 'C') VPN concentrator looks appealing, for the following reasons, among others:
We are using brand 'C', and require everyone to use the brand 'C' clients. We support clients for Windows, Mac OS X, and Linux. That takes care of almost all the users that need to use it. We've had a few requests for a client for Mac OS 9, but that's $120 per client so most people say forget it. We have people using it for bypassing the NetBIOS blocks at the campus border router, and to access off-campus resources that limit access to campus IP addresses. Our concentrator can handle up to 5000 concurrent sessions, but so far it hasn't gone above about 130. We've had it in place since early November. We have two configurations setup, one that routes only the traffic headed for campus to the VPN and one that routes all traffic thru the VPN - the latter is used primarily for accessing the off-campus resources mentioned above. It's pretty easy to include the prebuilt configuration files with the brand 'C' clients, so our users just have to install the software packages that we built with the config files and they're ready to go.
- Our expectation is that by remaining with a mainstream VPN, its clientware will tend to remain more predictably current with OS releases, offer comparable pre-deployment configuration options, and high general supportability, compatibility.
We've had a few client issues, mostly with Mac OS X. Things were kind of rough around the edges when we first started using it, but it has gotten better with each release. One issue we've had is ISPs blocking the IKE/IPSec ports, and then the client fails trying to connect to the concentrator. We've been able to get around this in almost all cases by using IPSec over TCP. There have been a few times where even that didn't work, but then things start working again a week or so later. We've only seen this with Cox, around the time they decided to block all smtp traffic except to their servers. Mike Iglesias Email: iglesias () draco acs uci edu University of California, Irvine phone: 949-824-6926 Network & Academic Computing Services FAX: 949-824-2069 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Campus VPN Services Angel L Cruz (Aug 20)
- <Possible follow-ups>
- Re: Campus VPN Services Gary Dobbins (Aug 20)
- Re: Campus VPN Services Mike Iglesias (Aug 20)
- Re: Campus VPN Services Mark Poepping (Aug 20)
- Re: Campus VPN Services Mike Iglesias (Aug 20)
- Re: Campus VPN Services Mark Poepping (Aug 20)
- Re: Campus VPN Services Michael Sinatra (Aug 21)
- Re: Campus VPN Services Mike Iglesias (Aug 21)
- Re: Campus VPN Services Matthew Keller (Aug 21)
- Re: Campus VPN Services H. Morrow Long (Aug 21)
- Re: Campus VPN Services Mark Poepping (Aug 22)
- Re: Campus VPN Services Mike Iglesias (Aug 22)
- Re: Campus VPN Services H. Morrow Long (Aug 22)
(Thread continues...)