a few differences:

- bandwidth rate limiting (per user, per port), can your VPN do that?
- enable MAC address authentication for devices that do not have a VPN client (WIFI phones,...) more are coming these days.
- How do you distribute the VPN client before they can join the VPN concentrator? Gateways (like BlueSocket etc..) have web pages for that.
- Simple Management of Access-Points (optional)
- Patch-Level verification for Swiss-Cheese OSes before devices can join the network
- Do you force all your subnets to go to the VPN? Most gateways have a Master-Slave architecture that facilitates deployments. A slave on every subnet, a redundant master for the whole campus. It helps bandwidth tremendously.
- What do you do for small remote places on T-1s and DSL? (some vendors have small-form factors Slaves)

The VPN is a good idea (in Switzerland they use VPN to let visitors authenticate across campuses http://www.switch.ch/mobile) but it is more restrictive than Web Gateways.

Philippe Hanset
University of Tennessee

On Thu, 9 Oct 2003, Bradford B. Saul wrote:

> Our setup:
>
> AP -> VPN Concentrator -> RADIUS -> LDAP
>
> All AP's are on a Layer 2 only VLAN with the VPN as the only way out. We
> have full RADIUS accounting which tracks addresses, starts, stops, data
> rates. We are only allowing IP through the VPN, so that takes care of
> protocols. Only users with valid LDAP credentials can auth. We require
> VPN-encryption and disallow split-horizon.
>
> So with all that said, are there still differences I am missing???
>
> Thanks....
>
> Brad
>
> > A vpn concentrator is exactly that, a device that terminates vpn
> > tunnels. The blue socket wireless gateway does much more than that. We
> > use ours to ensure that no one gets anywhere past the edges of the wireless
> > lan without a valid university account to authenticate at the box. Users
> > can choose to or not to vpn-encrypt their session. The box logs addresses,
> > it can allow only certain protocols to certain addresses, it's really a
> > good product. Aside from some growing pains, we like ours.
> >
> > -Rick
> >
> > At 08:28 AM 10/9/2003, Bradford B. Saul wrote:
> >> Ok, so what is the real difference between Bluesocket and a VPN
> >> concentrator? They seem to perform the same function. Why would I use
> >> Bluesocket vs. VPN?
> >>
> >> Brad
> >> -----------------------------------
> >> Bradford B. Saul
> >> Lead Network Engineer
> >> IT - Network Engineering
> >> Hoffman Hall Room 10, MSC 1401
> >> James Madison University
> >> Harrisonburg, VA 22807
> >> V: (540) 568-2379
> >> F: (540) 568-1696
> >> M: (540) 435-3079
> >> [EMAIL PROTECTED]
> >>
> >> **********
> >> Participation and subscription information for this EDUCAUSE Constituent
> >> Group discussion list can be found at http://www.educause.edu/cg/.
> >
> > --
> > Rick Coloccia
> > Network Manager
> > SUNY Geneseo
> > 119 South Hall
> > 1 College Circle
> > Geneseo, NY 14454
> > Voice: (585) 245-5577
> > Fax:(585) 245-5579
