Educause Security Discussion mailing list archives

Re: The VPN question


From: Julian Y Koh <kohster () NORTHWESTERN EDU>
Date: Thu, 30 Jun 2011 12:11:08 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu Jun 30 07:01:57 2011 Central Time, "Bradley, Stephen W. Mr." <bradlesw () MUOHIO EDU> wrote:

> I have a question about your VPNs.  Why so many roles?

Our traditional (aka IPSec, PPTP, L2TP/IPSec) VPN service is our general-purpose remote access VPN for anyone at the 
University.  There's no split tunneling on that service, and all users are placed in a large /21 address pool.

4+ years ago, we rolled out the SSL VPN specifically targeted at sysadmins, external vendors/consultants/collaborators,
and users of sensitive applications/data so that we could provide customized access rules for those different user
groups.  This allows us to give out specific IPs for different groups, which makes firewall rules much tighter.  We can
also do endpoint security compliance for groups that request it.

- -- 
Julian Y. Koh                         <mailto:kohster () northwestern edu>
Manager, Network Transport                         <phone:847-467-5780>
Telecommunications and Network Services         Northwestern University
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iEYEARECAAYFAk4MZ9sACgkQDlQHnMkeAWMFIQCgt1DgUb9PnQnx8hWAt0hk6KZg
W/AAoKqz8R0+xmR2nlNE/io6TPGDXB1/
=Pee1
-----END PGP SIGNATURE-----
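
An added example, not part of the original message: a small audit showing why per-group address pools let firewall rules be tighter than rules keyed to a shared /21 pool. Only the /21 pool size comes from the post; every address, group name and rule below is constructed for illustration.

```python
# Added example: all pool addresses, group names and rules are constructed.
from ipaddress import ip_network

# General-purpose VPN: every user shares one large /21 pool.
GENERAL_POOL = ip_network("10.20.0.0/21")

# SSL VPN: each user group gets its own small pool (hypothetical layout).
GROUP_POOLS = {
    "sysadmins": ip_network("10.30.0.0/28"),
    "vendors": ip_network("10.30.0.16/28"),
    "sensitive-apps": ip_network("10.30.0.32/27"),
}

# Firewall rules in front of protected hosts: (name, permitted source, destination).
RULES = [
    ("ssh-to-servers", "10.30.0.0/28", "192.0.2.10"),
    ("vendor-hvac", "10.30.0.16/28", "192.0.2.20"),
    ("legacy-db", "10.20.0.0/21", "192.0.2.30"),
    ("too-wide", "10.30.0.0/26", "192.0.2.40"),
]

def groups_reached(source):
    """Return the sorted VPN populations whose pool overlaps a rule's source."""
    src = ip_network(source)
    hit = [g for g, pool in GROUP_POOLS.items() if src.overlaps(pool)]
    if src.overlaps(GENERAL_POOL):
        hit.append("all-general-vpn-users")
    return sorted(hit)

def audit(rules):
    """Map rule name -> (source address count, populations admitted, tight?)."""
    report = {}
    for name, source, _dest in rules:
        groups = groups_reached(source)
        # Tight means the rule admits exactly one dedicated group pool.
        tight = len(groups) == 1 and groups[0] != "all-general-vpn-users"
        report[name] = (ip_network(source).num_addresses, groups, tight)
    return report

if __name__ == "__main__":
    for name, (count, groups, tight) in audit(RULES).items():
        print(f"{name:15} {count:5} addrs  {'OK  ' if tight else 'WIDE'} {groups}")
```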

