Re: Cisco VPN concentrator Replacement Recommendation Needed

["Brock, Anthony - NET" <Anthony.Brock () OREGONSTATE EDU>]

We recently replaced our 3000 with an ASA5540. While I've had issues
using the ASA series for L2L connections, it has worked very well for us
as a terminator for remote client connections. We initially encountered
several bugs in the 8.x series of code, but most of them have been
resolved at this point. Also, the AnyConnect client (SSL) has proven to
be a nice alternative to Cisco client for unsupported platforms and when
trying to work past issues we either couldn't identify or resolve.

 

Tony

 

P.S. Most of my issues with L2L tunnels have been the results of some
fairly specific requirements at our site. It isn't likely that these
limitations will be an issue for you.

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of schilling
Sent: Monday, March 24, 2008 7:58 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cisco VPN concentrator Replacement Recommendation
Needed

 

Hi all,

We are considering replacing our current VPN concentrator since it's
EOL. Now our main consideration is either Cisco ASA5520/ASA5540 or
Juniper  SA2000/SA4000. Our Core network is Cisco centric for now, the
VPN is primarily IPSec remote access with few  site-to-site tunnels. We
would like to use SSL VPN for the future. We did some evaluation last
year on Juniper SA2000, it's really impressive in terms of  Role Mapping
with LDAP authentication(We have campus wide iPlanet LDAP
infrastructure).  Would you kindly share your thoughts on the VPN
solutions?

Thanks.

Sincerely,

Schilling