> From: Doug Hughes [mailto:[email protected]] > > the requirement is for remote access by single-user workstation > employees. Ease of install and maintenance is important. vpnc is nice > because the 3000 series allowed for complete, centralized, remote > administration of security policy for Linux (what protocols are allowed > to connect, what things can be bridged to the VPN connection, what other > packages or patches might need to be installed, etc.) > > concentrator: a box on our end that terminates all remote client VPN > endpoints. > > ability to do NAT-T (if IPSEC based) is definitely a plus, maybe even > required.
Sounds like a nothing-special basic vpn server to me. Such as an ASA 5505. You can do all that on basically any VPN server I can think of. Using basically any protocol (IPSec/vpnc, SSL/anyconnect/openconnect, etc) I am a fan of the 5505 with anyconnect essentials. If you want to enable security policy beyond just permitted ports/protocols/ip addresses, then you might need anyconnect licenses higher than essentials. To enforce antivirus, and client security such as secure data destruction after tunnel closes, and enforce client system updates are current, etc. _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
