Re: Cisco Clean Access & Impulse Point...

[Michael Grinnell <grinnell () AMERICAN EDU>]

I'm curious as to which part of the VPN client you are referring to.
As a new implementation, we have no experience with any version
before 3.4.3, but the VPN functionality was a big selling point for
us.  From what we can see in the docs, it does seem to still support
using the server as a L2TP endpoint, although it requires the use of
a third-party IPSEC snapin for the OS.

Thanks,

Michael Grinnell
Network Security Administrator
The American University
e-mail: grinnell () american edu

On Jul 17, 2005, at 3:27 PM, Dave Koontz wrote:

> I am also curious about their pricing model as well.
>
> Since Cisco took over Perfigo, our annual maintenance fee went up
> over 400%!  To add salt to the wound, they also completely removed
> the VPN client and functionality from the device in favor of their
> own VPN Concentrator... at of course significantly higher fees.  We
> used this feature for our Wireless clients.
>
> I believe Cisco only purchased Perfigo because of their market
> penetration.  In the several talks with our Cisco sales and tech
> reps, it seems pretty clear that Cisco has no real vision of this
> product in their future, it is only a stepping stone to get
> everyone converted to their more costly NCA product line... which
> is not only more expensive but also requires Cisco switches end-to-
> end.  We looked at Cisco's Security Agent before purchasing
> Perfigo... not only did it not do everything we needed, but had a
> cost of over $80 per student.  Their purchase of Perfigo seems only
> to be a way for Cisco to come back and force colleges to pay their
> outrageous fees and to squash any cheaper competition... ala
> Microsoft tactics.
>
> We have now resigned ourselves to find another solution.. .and
> perhaps Impulse or another vendor is our ticket.  If anyone has
> other solutions they are using, please let me know.
>
> From: Schmitt, Dianne [mailto:dschmitt () JJC EDU]
> Sent: Friday, July 15, 2005 5:43 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point...
>
> What pricing do they offer, better than Clean Access?
>
>
>
> Dianne Schmitt
>
>
>
> Assoc VP Information Technology
>
> Joliet Junior College
>
> 1215 Houbolt Rd.
>
> Joliet, IL 60431-8938
>
>
>
> Phone:  815.280.6641
>
> Fax:  815.280.2668
>
> From: Gibbs, Aaron M. [mailto:AMGibbs () ST-AUG EDU]
> Sent: Thursday, July 14, 2005 4:49 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point...
>
>
> We're looking at implementing Impulses device. We looked at the
> Bradford Campus Manager, which has great functionality. However,
> Impulse Point also has great functionality that is similar to the
> Campus Manager coupled with a good price point. I'd be interested
> also in knowing others experiences with Impulse Point.
>
> Aaron M Gibbs
> Interim Vice President/CIO
> Center for Information Technology
> St. Augustine's College
> 919-516-4379 (Office)
> 919-516-4382 (Fax)
> amgibbs () st-aug edu
> www.st-aug.edu
>
> -----Original Message-----
> From: Michael Cole [mailto:mcole () CLARKU EDU]
> Sent: Thursday, July 14, 2005 3:58 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point...
>
> FYI for the list:
>
>     We've been using a product called Campus Manager to the past
> few years from Bradford networks, www.bradfordnetworks.com  they're
> a small start up in NH but they've been growing and have an awesome
> product that sits off line and is very flexible in what it can do
> based on what you want/need.  It does both network registration and
> remediation/quarantine functions.  It's worth looking into if your
> looking for a solution.  We've been very happy with it.
>
> Mike
>
> Michael A. Cole
> Network Engineer, Information Technology Services
> Clark University, Worcester MA  01610
> 508.793.7772
> Mcole () clarku edu
>
> -----Original Message-----
> From: Mark Staples [mailto:mstaples () MAIL MCG EDU]
> Sent: Thursday, July 14, 2005 3:41 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Cisco Clean Access & Impulse Point...
>
> Anyone pilot both CCA and Impulse Point (http://www.impulse.com/)?
> Impulse Point was designed for higher ed and is priced very
> attractively.  So far, we've only seen presentations and nothing live.
> Any feedback would be great.
>
> Mark
>
> -----
> Mark Staples
> Director of Information Security/Chief Information Security Officer
> IT Research Liaison
> Medical College of Georgia
> Office: 706-721-1577
> mstaples () mcg edu
>
> --------
>
> All information in the communication, including attachments, is
> strictly confidential and intended solely for delivery to the
> addressee(s) identified above (ie, To/cc/bc), and may contain
> privileged, confidential, proprietary and /or intellectual property
> entitled to protection from disclosure under applicable law.  If
> you are not the intended recipient, please take note that any use,
> distribution or copying of this communication is unauthorized and
> may be unlawful.  If you have received this communication in error,
> please notify the sender, delete this correspondence from your
> computer, and destroy any printed copies of this communication.
>
> >>> franklin () TXSTATE EDU 07/14/05 3:13 PM >>>
> This is a response from our network lead who implemented CCA a
> month or
> so ago:
>
> I got tired of trying to keep up with the IP's used for windows
> update.
> Using the host names is much better, but even then it's a moving
> target.
> Microsoft sometimes adds new sub domains and in the latest version of
> the update page it's a url under microsoft.com.
>
> We are allowing traffic to everything ending in microsoft.com and
> g.msn.com. That way the updates always work (so far) and students can
> search for and download patches manually. There are cases when windows
> update claims that a machine is fully patched but it is still missing
> something. The helpdesk can tell what's missing from the reports
> and the
> student can search for KBxxxx and download and install it manually.
>
> Anders Engle
> Systems Programmer I
> Texas State University
>
> -----Original Message-----
> From: Flagg, Martin D. [mailto:FlaggMD () HIRAM EDU]
> Sent: Thursday, July 14, 2005 1:13 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Windows Updates and Cisco Clean Access
>
>
> We are implementing Cisco Clean Access (formally Perfigo).  It has
> gone
> really well but we keep coming up with problems with Windows
> Update, it
> fails because CCA is blocking the IP.  When this happens, I use a
> sniffer and add the new IP address that Microsoft is using and then it
> works, until they change address's again.  Cisco says use the Host
> setting allowing requests that end in "update.microsoft.com".  This
> does
> not always work.
>
> I am really at a loss because it works for 95% of the machines but
> I can
> not afford to have 5% of the students in my office when they get back
> from the summer.
>
> Any Ideas?
>
> Martin Flagg
> Hiram College