We've had very good luck with 802.1x over EAP-TLS and EAP-PEAP. PEAP has been great on WinXP and Mac, and offering both provides options for Linux or Palm and PPC. However, devices like NintendoDS or Sony Aibo are left without options. SSL VPN with proxy and a "network port connect" option may provide more flexibility there.

With many systems like Enterasys, Meru, Trapeze, etc., it is possible to set multiple ESSIDs up on your APs with different security policies, so using SSL VPN for your common devices and later offering 802.1x WPA etc. for phones or whatever other devices you have may be the best way to go if you don't want to go only 1x.

We have been testing an Aventail SSL VPN box in our lab for a while now using all three connect options: the proxy, the clientless web based port mapping and the "hard client." I've been quite pleased so far and could see this device replacing our aging PPTP VPN for remote users. It would work quite well for wireless.

Mike

-
Michael G. Ruiz, ESSE ACP A+
Network and Systems Engineer
Hobart and William Smith Colleges
Information Technology Services
P.315-781-3711 F.315-781-3409
Team Leader: Derek Lustig ([EMAIL PROTECTED])

Did you know that HWS Students, Faculty, Staff, Alums, etc can purchase computers, accessories, electronics and software at a discount through our partner CDW-G? http://www.cdwg.com/hws/
________________________________
From: Jamie A. Stapleton [mailto:[EMAIL PROTECTED]
Sent: Tue 6/13/2006 5:21 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] SSL VPN over wireless

If you have a chance during the demos, I would love to know what you find out about network connect working with Linux, Mac, etc. Our current SSL VPN requires Windows and IE for network connect.

-----Original Message-----
From: Foggi, Nicola [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 13, 2006 5:13 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] SSL VPN over wireless

We are actually researching this current idea right now. Between 802.1x and the SSL VPN, we are leaning towards the SSL VPN with what some vendors call a "network connect" application that's delivered via the web login. Our goal is to not have to deal with the problems of 802.1x clients across different students' laptops, as we don't control what they bring, and at the same time provide as close to zero configuration required to get on the wireless. Our current method is WEP with a NetReg type system, so while it's a one time setup, then just a login, we were interested in seeing how much easier we can make it.

In reviewing the numerous SSL VPNs out there, we're leaning towards the ones that can deliver the network connect client (so most if not all applications work) via the web vs a fat client, so students don't have to install anything...

I'll let you know how our demos go!

Nicola Foggi
Networks and Telecom
DePaul University

-----Original Message-----
From: Stephen Holland [mailto:[EMAIL PROTECTED]
Sent: Tue 6/13/2006 4:00 PM
To: [email protected]
Subject: [WIRELESS-LAN] SSL VPN over wireless

I would like to know if anybody is using SSL vpn as an authentication/encryption mechanism for wireless and how successful they have been deploying it. Also, I would be curious to know what other folks think about implementing 802.1x. Specifically, do you believe this is something that will be required in the next couple of years to support evolving technology like VoIP phones? I'm trying to decide if I should deploy an SSL vpn solution without deploying 802.1x. My instinct tells me to plan for 802.1x but I would be curious to hear what others think.

Thanks

Stephen Holland
Network Engineer
Northeastern University

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
