To make a long story short, our buggy and ageing Citrix NetScaler servers died this week. I wanted to take the opportunity to help propose a better VPN solution. The size of the enterprise would be less than 300 users.
The requirements of this VPN are:
1. It MUST use RSA token security for authentication to the VPN tunnel.
2. It must have strong encryption (AES-256, IPsec, etc.).
3. It would be totally software based. We would place a virtual server in our DMZ to host this server.
4. It would be acceptable if our users had to install a small client on their desktop to access this VPN.
5. Once connected and authenticated, it has to allow users to connect to our Exchange 2013 servers and webmail.
6. We would like authenticated users to connect to our internal SharePoint site.
7. We would like elevated users to be able to connect to RDP so they can access more of our internal network.
8. Users MUST be able to access Exchange webmail on their iPhone device (only device supported). We already have this working capability with Exchange ActiveSync; however, we needed the two-factor authentication and work through Citrix XenMobile, which now doesn't work because our NetScaler server died.
9. Cost of the VPN software isn't a big factor; the customer has deep pockets. We just don't want to lose existing functionality we had with the Citrix.
Does such a product exist? I really hope to present management a good alternative to our dead NetScaler server very soon.