Avatar of freemchr
freemchr asked on

Aventail SSL VPN vs. Cisco 3000 IPSec/WebVPN

Our company has been doing extensive research into VPN technology.  We currently connect employees into our network using dialup, so are about to proceed with broadband access via VPN.  We have no requirement as yet for site-to-site connectivity via the Internet.  

After some digging, we concluded that an SSL VPN would be the easiest, most cost-effective option, and also has the added benefit of allowing kiosk-based access (which greatly impressed management).  We trialed Aventail's EX-1500 and decided it was a good thing - it allowed browser-based access to any Web-enabled application, allowed most client/server applications to be accessed via a Java port forwarding applet (no client on the desktop), and also had an SSL-based Windows client for "power" users.  We loved the idea that we wouldn't have to go with an IPSec client for our "power" users, because we feared the issues associated with IPSec clients like support for IPSec tunnels/NAT etc from behind firewalls in hotels and other remote environmnents - pluss, we didn't want to have to maintain all those network configuration settings on a client-based piece of software.

Having said that, Cisco have now gone and released an IPSec/SSL blended VPN offering, which allows remote access to Web-enabled and most TCP client/server applications without any client on the user's desktop (via the SSL VPN half of the concentrator), and "power" users still need an IPSec client on their desktop.  It gives us the flexibility of remote access from anywhere with any device to to most things, however does have the downside of needing an IPSec client to be deployed and managed for "power" users.

I want to be sure that I am not being swayed by the marketing hype surrounding SSL VPNs - their existence is based upon hilighting the perceived "issues" with IPSec-based clients on the desktop.  My questions are:
1). Does anyone have any REAL experience with the Cisco 3000 series WebVPN features - do they work, are they robust, and how do they compare to Aventail's offering?  
2). Are the issues with NAT and firewall support at remote locations (e.g. hotels) for IPSec REAL or are they just theoretical possibilities that SSL VPN vendors are using to market their products?
3). Finally, are IPSec clients really that complex to manage?  What if a network configuration changes - do all clients have to be updated?
NetworkingHardware FirewallsInternet Protocol Security

Avatar of undefined
Last Comment
ministry92

8/22/2022 - Mon
ministry92

who is Aventail ?
ASKER CERTIFIED SOLUTION
PennGwyn

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes