mike2401
asked on
"Client-less" vpn? No native IPSEC in XP/Vista/Win7? (Hate'n Cisco client software)
Hello Everyone!
We have a Cisco VPN concentrator which requires installation of the Cisco VPN client software. Currently, only a handful of LAN-admin folks use it, and it works fine.
We are interested in rolling out VPN to our user community, and blocking all ports except RDP to particular servers on our network.
We don't want to have end-users install what we consider to be somewhat heavy Cisco client software.
Someone suggested we buy a cheap Linksys router which supports IPSec VPN, but our IT guy who researched it read that the only "client-less" Windows VPN protocols are PPTP and L2TP, while the standalone routers only support IPSec. Therefore, he suggested we bring up PPTP on our ISA server.
Question: is that true?
Not that I'm hating ISA, but I was kinda looking forward to a hardware router that wouldn't require Windows updates.
Also, can anyone suggest a router for under $100 that we can trial for just a handful of users to get our feet wet with this concept? Remember: we want a lightweight solution that doesn't require installing client software on the users' home PCs, and that will talk to a cheap, standalone router.
All comments would be very much appreciated,
Thanks,
Mike
There are different implementations of SSL VPNs. Some want to install a piece of software as a network adapter (Juniper for instance). Most need to download and run Java applets. That has the advantage of getting full or restricted access to the network with usual software just by using a different IP address (mostly localhost addresses, 127.0.0.x).
Without such Java applets you only have "point-and-click" access, that is e.g. a specially prepared RDP object on a web page.
The ASA5510 has apps for RDP, SSH, amongst others.
You don't need to install anything on the client computer to use it.
Yes, that is the latter method I mentioned. Real client-free, but very restricted (no database connection, network shares, FTP, ...).
Network shares are an option, and you can use smart tunneling and port forwarding for the SSL VPN portal clients for forwarding all sorts of things.
I like the ASA setup.
ASA seems to be more flexible than what I have been presented before ...
ASKER
Thank you everyone.
Since we already have Microsoft ISA servers, we decided to use that for end-user VPNs.
Then, we'll restrict where and on what ports they can go using our Cisco 6509.
It's a shame we have the impression that Cisco's VPN client is heavy and too complicated for installation on home users' PCs.
I would have preferred to use the Cisco VPN concentrator that we already own and not Microsoft software (server needs reboots for Windows updates, etc.)
Anyway, I very much appreciated everyone's input.
Regards,
Mike
ASKER
Thanks!
ASKER
Mike