Educause Security Discussion mailing list archives

Re: Cisco VPN concentrator Replacement Recommendation Needed


From: "Jenkins, Matthew" <matthew.jenkins () FAIRMONTSTATE EDU>
Date: Mon, 24 Mar 2008 11:49:49 -0400

The Cisco ASA does a good job at remote IPSEC VPN.  We have a 5510
running anywhere from 20-100 concurrent connections.  Getting it to
authenticate against MS AD via LDAP so that we could assign users to
tunnels based on AD group membership was a bit of a trick but we were
able to do it.  We also use it with RSA SecurID (RADIUS) and have no
issues.  I have not implemented SSL yet but have seen it run several
years ago and it was pretty nice.  We also have a 5540 running sometimes
over 100 concurrent connections + firewalling our wireless with the
remote IPSEC and you can't tell the load by looking at the CPU and
memory use.  The ASAs for us have been very stable and robust.

 

Matt

 

Matthew Jenkins
Network/Server Administrator
Fairmont State University
304.367.4955
Visit us online at www.fairmontstate.edu <http://www.fairmontstate.edu/>


 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of schilling
Sent: Monday, March 24, 2008 10:58 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cisco VPN concentrator Replacement Recommendation
Needed

 

Hi all,

We are considering replacing our current VPN concentrator since it's
EOL. Now our main consideration is either Cisco ASA5520/ASA5540 or
Juniper SA2000/SA4000. Our Core network is Cisco centric for now, the
VPN is primarily IPSec remote access with few site-to-site tunnels. We
would like to use SSL VPN for the future. We did some evaluation last
year on Juniper SA2000, it's really impressive in terms of Role Mapping
with LDAP authentication (We have campus wide iPlanet LDAP
infrastructure). Would you kindly share your thoughts on the VPN
solutions?

Thanks.

Sincerely,

Schilling

