On 10/23/2011 9:34 AM, Edward Ned Harvey wrote:
From: [email protected] [mailto:[email protected]]
On Behalf Of Doug Hughes
What are people using these days for VPN concentrators? seems like Cisco
3000 series is still out there in force, and very inexpensively
available on the aftermarket. Even the 3060 (which was probably state of
the art for 2004). vpnc and the broad availability of clients makes them
seem like still a solid choice.
So, what exactly are you calling a concentrator? And why vpnc / IPSec? I
would strongly lean toward openconnect / anyconnect / SSL instead of IPSec,
just due to better support& compatibility& ability to traverse proxies and
firewalls.
Then, of course, there are all these other products such as riverbed and
expand networks. Depends on what your traffic looks like.
the requirement is for remote access by single-user workstation
employees. Ease of install and maintenance is important. vpnc is nice
because the 3000 series allowed for complete, centralized, remote
administration of security policy for Linux (what protocols are allowed
to connect, what things can be bridged to the VPN connection, what other
packages or patches might need to be installed, etc.)
concentrator: a box on our end that terminates all remote client VPN
endpoints.
ability to do NAT-T (if IPSEC based) is definitely a plus, maybe even
required.
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
