Stephen,

SSL VPN is used for remote users logging in to your network remotely. Although it could solve some of your problems on the remote access side as well as your wireless network side, it might not be the right solution if you have a big enough network. I assume that the VPN portion of SSL stays the same in that all VPN traffic has to end up at the VPN concentrator(s) at some point or another due to the fact that the encryption will take place between the client and concentrator. (I might be mistaken here on this since I do not work with the VPN concentrator so much.)

Using 802.1X, the authentication will go from client to AP to RADIUS to authentication mechanism (LDAP, AD, etc.), all of which are the same as VPN. Once the authentication takes place, the traffic will no longer go to the concentrators for encryption purposes, which eliminates the chance of a potential bottleneck at the concentrator. The encryption now takes place between the AP and the client. You might still have the potential for a bottleneck at the controller if you are implementing Lightweight AP Protocol (LWAPP) because then all your traffic now has to go to the controllers. Although this solution might add overhead, one device will control traffic for internal users, while another controls traffic for external users.

Please keep in mind that this solution is more scalable for larger networks. If your network is small enough you should be able to get away with SSL VPN.
Thanks.

Jorge Bodden

Stephen Holland wrote:
I would like to know if anybody is using SSL vpn as an
authentication/encryption mechanism for wireless and how successful they
have been deploying it.

Also, I would be curious to know what other folks think about implementing
802.1x.  Specifically do you believe this is something that will be
required in the next couple of years to support evolving technology like
VoIP phones?

I'm trying to decide if I should deploy an SSL VPN solution without
deploying 802.1x.  My instinct tells me to plan for 802.1x but I would be
curious to hear what others think.

Thanks

Stephen Holland
Network Engineer
Northeastern University

**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



