Toivo, The SA Series absolutely supports IPsec if you are using Network Connect. It defaults to using IPsec and if that is not supported then it will fall back to SSL. Of course, NC is not as secure as W-SAM, J-SAM, or Core Access in terms of role and resource granularity control but the support for IPsec is absolutely there. HTHs. Stefan Fouant ------Original Message------ From: Voll, Toivo To: Chris Campbell To: Dawood Iqbal Cc: nanog@nanog.org Subject: RE: Best VPN Appliance Sent: Mar 8, 2010 11:56 AM We're generally happy with our Juniper SA6500s, but they, and a lot of the other SSL VPN vendor appliances will not support IPSec. Cisco's ASA does, but it's less feature-rich in the SSL VPN arena. The Juniper was the most mature and flexible of all the offerings we looked at, but also the most expensive, and it's not perfect either. Having migrated from Cisco's 3000 series appliances, the current SSL VPNs are a totally different mindset and about two orders of magnitude more complicated. Have a very good understanding of exactly what problem you're trying to solve with the product and what kind of policies and requirements you have to meet, or it's going to be a mess. I can answer more specific questions on our experiences and testing off-list. -- Toivo Voll University of South Florida Information Technology Communications -----Original Message----- From: Chris Campbell [mailto:Chris.Campbell@nebulassolutions.com] Sent: Friday, March 05, 2010 11:36 AM To: Dawood Iqbal Cc: nanog@nanog.org Subject: Re: Best VPN Appliance The Juniper SA is by far and away the market leader and in my opinion the best end user experience. On 5 Mar 2010, at 15:57, Dawood Iqbal wrote:
Hello All,
Is it possible to get your ideas on what VPN appliances are good to have in enterprise network?
Requirements are;
SSL
IPSec
Client and Web VPN support (Win/MAC/iPhone/Android)
If webvpn is used, then when any user connects via webvpn, we should be able to re-direct him to any and ONLY specific application i.e SAP.
If 2 boxes are installed then they should replicate data seamlessly.
Regards,
dI
Sent from my Verizon Wireless BlackBerry
There is also the fact to consider that Cisco has said there will be no support for Windows 64-bit on their IPSEC client, they are pushing people to the AnyConnect (An SSL-based clientless IPSEC) who want to use Windows 64-bit or other OSs, so in the future the argument for having a separate box for client-based IPSEC will be moot. Orin -----Original Message----- From: Stefan Fouant [mailto:sfouant@shortestpathfirst.net] Sent: Monday, March 08, 2010 11:29 AM To: Voll, Toivo; Chris Campbell; Dawood Iqbal Cc: nanog@nanog.org Subject: Re: Best VPN Appliance Toivo, The SA Series absolutely supports IPsec if you are using Network Connect. It defaults to using IPsec and if that is not supported then it will fall back to SSL. Of course, NC is not as secure as W-SAM, J-SAM, or Core Access in terms of role and resource granularity control but the support for IPsec is absolutely there. HTHs. Stefan Fouant ------Original Message------ From: Voll, Toivo To: Chris Campbell To: Dawood Iqbal Cc: nanog@nanog.org Subject: RE: Best VPN Appliance Sent: Mar 8, 2010 11:56 AM We're generally happy with our Juniper SA6500s, but they, and a lot of the other SSL VPN vendor appliances will not support IPSec. Cisco's ASA does, but it's less feature-rich in the SSL VPN arena. The Juniper was the most mature and flexible of all the offerings we looked at, but also the most expensive, and it's not perfect either. Having migrated from Cisco's 3000 series appliances, the current SSL VPNs are a totally different mindset and about two orders of magnitude more complicated. Have a very good understanding of exactly what problem you're trying to solve with the product and what kind of policies and requirements you have to meet, or it's going to be a mess. I can answer more specific questions on our experiences and testing off-list. -- Toivo Voll University of South Florida Information Technology Communications -----Original Message----- From: Chris Campbell [mailto:Chris.Campbell@nebulassolutions.com] Sent: Friday, March 05, 2010 11:36 AM To: Dawood Iqbal Cc: nanog@nanog.org Subject: Re: Best VPN Appliance The Juniper SA is by far and away the market leader and in my opinion the best end user experience. On 5 Mar 2010, at 15:57, Dawood Iqbal wrote:
Hello All,
Is it possible to get your ideas on what VPN appliances are good to have in enterprise network?
Requirements are;
SSL
IPSec
Client and Web VPN support (Win/MAC/iPhone/Android)
If webvpn is used, then when any user connects via webvpn, we should be able to re-direct him to any and ONLY specific application i.e SAP.
If 2 boxes are installed then they should replicate data seamlessly.
Regards,
dI
Sent from my Verizon Wireless BlackBerry
-----Original Message----- From: Blomberg, Orin P (DOH) [mailto:Orin.Blomberg@DOH.WA.GOV] Sent: Monday, March 08, 2010 11:37 AM To: sfouant@shortestpathfirst.net; Voll, Toivo; Chris Campbell; Dawood Iqbal Cc: nanog@nanog.org Subject: RE: Best VPN Appliance
There is also the fact to consider that Cisco has said there will be no support for Windows 64-bit on their IPSEC client, they are pushing people to the AnyConnect (An SSL-based clientless IPSEC) who want to use Windows 64-bit or other OSs, so in the future the argument for having a separate box for client-based IPSEC will be moot.
The beta 64-bit VPN client has been released, FYI. Mike
Thanks for the information. I am just going on what we have been formally told by our onsite Cisco engineers on several occasions. It may be that they were misinformed, or that they are trying to make the sell for AnyConnect Licensing, but I had been going with the facts I had. I am glad there is a 64-bit in beta, at least, now I don't have to migrate all those people off the ASAs right away. Orin -----Original Message----- From: Michael K. Smith - Adhost [mailto:mksmith@adhost.com] Sent: Monday, March 08, 2010 11:43 AM To: Blomberg, Orin P (DOH); sfouant@shortestpathfirst.net; Voll, Toivo; Chris Campbell; Dawood Iqbal Cc: nanog@nanog.org Subject: RE: Best VPN Appliance
-----Original Message----- From: Blomberg, Orin P (DOH) [mailto:Orin.Blomberg@DOH.WA.GOV] Sent: Monday, March 08, 2010 11:37 AM To: sfouant@shortestpathfirst.net; Voll, Toivo; Chris Campbell; Dawood Iqbal Cc: nanog@nanog.org Subject: RE: Best VPN Appliance
There is also the fact to consider that Cisco has said there will be no support for Windows 64-bit on their IPSEC client, they are pushing people to the AnyConnect (An SSL-based clientless IPSEC) who want to use Windows 64-bit or other OSs, so in the future the argument for having a separate box for client-based IPSEC will be moot.
The beta 64-bit VPN client has been released, FYI. Mike
Why would you migrate them away instead of buying a $150/$250 one-time license? tv ----- Original Message ----- From: "Blomberg, Orin P (DOH)" <Orin.Blomberg@DOH.WA.GOV> To: <nanog@nanog.org> Sent: Monday, March 08, 2010 1:50 PM Subject: RE: Best VPN Appliance Thanks for the information. I am just going on what we have been formally told by our onsite Cisco engineers on several occasions. It may be that they were misinformed, or that they are trying to make the sell for AnyConnect Licensing, but I had been going with the facts I had. I am glad there is a 64-bit in beta, at least, now I don't have to migrate all those people off the ASAs right away. Orin -----Original Message----- From: Michael K. Smith - Adhost [mailto:mksmith@adhost.com] Sent: Monday, March 08, 2010 11:43 AM To: Blomberg, Orin P (DOH); sfouant@shortestpathfirst.net; Voll, Toivo; Chris Campbell; Dawood Iqbal Cc: nanog@nanog.org Subject: RE: Best VPN Appliance
-----Original Message----- From: Blomberg, Orin P (DOH) [mailto:Orin.Blomberg@DOH.WA.GOV] Sent: Monday, March 08, 2010 11:37 AM To: sfouant@shortestpathfirst.net; Voll, Toivo; Chris Campbell; Dawood Iqbal Cc: nanog@nanog.org Subject: RE: Best VPN Appliance
There is also the fact to consider that Cisco has said there will be no support for Windows 64-bit on their IPSEC client, they are pushing people to the AnyConnect (An SSL-based clientless IPSEC) who want to use Windows 64-bit or other OSs, so in the future the argument for having a separate box for client-based IPSEC will be moot.
The beta 64-bit VPN client has been released, FYI. Mike
On Mon, Mar 8, 2010 at 11:50 AM, Blomberg, Orin P (DOH) <Orin.Blomberg@doh.wa.gov> wrote:
Thanks for the information. I am just going on what we have been formally told by our onsite Cisco engineers on several occasions. It may be that they were misinformed, or that they are trying to make the sell for AnyConnect Licensing, but I had been going with the facts I had.
It was neither, at least not specifically on the side of your engineers. Cisco had absolutely no plans to release a 64-bit IPSec client - not because they couldn't (they have had a working version for some time), but because they have been trying to kill off the product for years to try and migrate customers to their newer products (ie, AnyConnect). So your Cisco engineers were absolutely correct - at the time - in saying that there would never be a 64 bit version. Obviously it seems they have finally buckled to customer pressure (!) and release a 64 bit version, which is good news for everyone except whoever's job in Cisco it was to EOL the IPSec code. It's unfortunate that they didn't take the obvious approach and put IPSec into AnyConnect when it first came out, which would have avoided all of these issues. (I used to work for Cisco in the Security Technology Business Unit, but I don't any more so I'm obviously not speaking on behalf of anyone other than possibly myself!) Scott.
Can anyone tell me how to get the beta 64 bit client? Thanks. -----Original Message----- From: Scott Howard [mailto:scott@doc.net.au] Sent: Tuesday, March 09, 2010 12:47 PM To: Blomberg, Orin P (DOH) Cc: nanog@nanog.org Subject: Re: Best VPN Appliance On Mon, Mar 8, 2010 at 11:50 AM, Blomberg, Orin P (DOH) <Orin.Blomberg@doh.wa.gov> wrote:
Thanks for the information. I am just going on what we have been formally told by our onsite Cisco engineers on several occasions. It may be that they were misinformed, or that they are trying to make the sell for AnyConnect Licensing, but I had been going with the facts I had.
It was neither, at least not specifically on the side of your engineers. Cisco had absolutely no plans to release a 64-bit IPSec client - not because they couldn't (they have had a working version for some time), but because they have been trying to kill off the product for years to try and migrate customers to their newer products (ie, AnyConnect). So your Cisco engineers were absolutely correct - at the time - in saying that there would never be a 64 bit version. Obviously it seems they have finally buckled to customer pressure (!) and release a 64 bit version, which is good news for everyone except whoever's job in Cisco it was to EOL the IPSec code. It's unfortunate that they didn't take the obvious approach and put IPSec into AnyConnect when it first came out, which would have avoided all of these issues. (I used to work for Cisco in the Security Technology Business Unit, but I don't any more so I'm obviously not speaking on behalf of anyone other than possibly myself!) Scott.
On 09/03/2010 18:54, John Lightfoot wrote:
Can anyone tell me how to get the beta 64 bit client? Thanks.
Nick
On Mon, Mar 08, 2010 at 11:37:02AM -0800, Blomberg, Orin P (DOH) wrote:
There is also the fact to consider that Cisco has said there will be no support for Windows 64-bit on their IPSEC client, they are pushing people to the AnyConnect (An SSL-based clientless IPSEC) who want to use Windows 64-bit or other OSs, so in the future the argument for having a separate box for client-based IPSEC will be moot.
Cisco has released a beta version of their 64-bit IPSec client for Windows 7. -- Brandon Ewing (nicotine@warningg.com)
There is also the fact to consider that Cisco has said there will be no support for Windows 64-bit on their IPSEC client [...]
Amazingly, and to many people's great surprise, Cisco recently made available a beta version of the IPSEC VPN client that supports 64-bit. ~JasonG
If you can use 3rd party VPN clients the ShrewSoft IPSec client on Windows 7 works great with Cisco concentrators. http://www.shrew.net/software On Mon, Mar 8, 2010 at 1:37 PM, Blomberg, Orin P (DOH) <Orin.Blomberg@doh.wa.gov> wrote:
There is also the fact to consider that Cisco has said there will be no support for Windows 64-bit on their IPSEC client, they are pushing people to the AnyConnect (An SSL-based clientless IPSEC) who want to use Windows 64-bit or other OSs, so in the future the argument for having a separate box for client-based IPSEC will be moot.
Orin
-----Original Message----- From: Stefan Fouant [mailto:sfouant@shortestpathfirst.net] Sent: Monday, March 08, 2010 11:29 AM To: Voll, Toivo; Chris Campbell; Dawood Iqbal Cc: nanog@nanog.org Subject: Re: Best VPN Appliance
Toivo,
The SA Series absolutely supports IPsec if you are using Network Connect. It defaults to using IPsec and if that is not supported then it will fall back to SSL. Of course, NC is not as secure as W-SAM, J-SAM, or Core Access in terms of role and resource granularity control but the support for IPsec is absolutely there.
HTHs.
Stefan Fouant ------Original Message------ From: Voll, Toivo To: Chris Campbell To: Dawood Iqbal Cc: nanog@nanog.org Subject: RE: Best VPN Appliance Sent: Mar 8, 2010 11:56 AM
We're generally happy with our Juniper SA6500s, but they, and a lot of the other SSL VPN vendor appliances will not support IPSec. Cisco's ASA does, but it's less feature-rich in the SSL VPN arena. The Juniper was the most mature and flexible of all the offerings we looked at, but also the most expensive, and it's not perfect either.
Having migrated from Cisco's 3000 series appliances, the current SSL VPNs are a totally different mindset and about two orders of magnitude more complicated. Have a very good understanding of exactly what problem you're trying to solve with the product and what kind of policies and requirements you have to meet, or it's going to be a mess. I can answer more specific questions on our experiences and testing off-list.
-- Toivo Voll University of South Florida Information Technology Communications
-----Original Message----- From: Chris Campbell [mailto:Chris.Campbell@nebulassolutions.com] Sent: Friday, March 05, 2010 11:36 AM To: Dawood Iqbal Cc: nanog@nanog.org Subject: Re: Best VPN Appliance
The Juniper SA is by far and away the market leader and in my opinion the best end user experience.
On 5 Mar 2010, at 15:57, Dawood Iqbal wrote:
Hello All,
Is it possible to get your ideas on what VPN appliances are good to have in enterprise network?
Requirements are;
SSL
IPSec
Client and Web VPN support (Win/MAC/iPhone/Android)
If webvpn is used, then when any user connects via webvpn, we should be able to re-direct him to any and ONLY specific application i.e SAP.
If 2 boxes are installed then they should replicate data seamlessly.
Regards,
dI
Sent from my Verizon Wireless BlackBerry
+1 for the ShrewSoft Client for Windows 7. Works like a champ. Mike -----Original Message----- From: Jon Auer [mailto:jda@tapodi.net] Sent: Monday, March 08, 2010 2:54 PM To: Blomberg, Orin P (DOH) Cc: nanog@nanog.org Subject: Re: Best VPN Appliance If you can use 3rd party VPN clients the ShrewSoft IPSec client on Windows 7 works great with Cisco concentrators. http://www.shrew.net/software On Mon, Mar 8, 2010 at 1:37 PM, Blomberg, Orin P (DOH) <Orin.Blomberg@doh.wa.gov> wrote:
There is also the fact to consider that Cisco has said there will be no support for Windows 64-bit on their IPSEC client, they are pushing people to the AnyConnect (An SSL-based clientless IPSEC) who want to use Windows 64-bit or other OSs, so in the future the argument for having a separate box for client-based IPSEC will be moot.
Orin
-----Original Message----- From: Stefan Fouant [mailto:sfouant@shortestpathfirst.net] Sent: Monday, March 08, 2010 11:29 AM To: Voll, Toivo; Chris Campbell; Dawood Iqbal Cc: nanog@nanog.org Subject: Re: Best VPN Appliance
Toivo,
The SA Series absolutely supports IPsec if you are using Network Connect. It defaults to using IPsec and if that is not supported then it will fall back to SSL. Of course, NC is not as secure as W-SAM, J-SAM, or Core Access in terms of role and resource granularity control but the support for IPsec is absolutely there.
HTHs.
Stefan Fouant ------Original Message------ From: Voll, Toivo To: Chris Campbell To: Dawood Iqbal Cc: nanog@nanog.org Subject: RE: Best VPN Appliance Sent: Mar 8, 2010 11:56 AM
We're generally happy with our Juniper SA6500s, but they, and a lot of the other SSL VPN vendor appliances will not support IPSec. Cisco's ASA does, but it's less feature-rich in the SSL VPN arena. The Juniper was the most mature and flexible of all the offerings we looked at, but also the most expensive, and it's not perfect either.
Having migrated from Cisco's 3000 series appliances, the current SSL VPNs are a totally different mindset and about two orders of magnitude more complicated. Have a very good understanding of exactly what problem you're trying to solve with the product and what kind of policies and requirements you have to meet, or it's going to be a mess. I can answer more specific questions on our experiences and testing off-list.
-- Toivo Voll University of South Florida Information Technology Communications
-----Original Message----- From: Chris Campbell [mailto:Chris.Campbell@nebulassolutions.com] Sent: Friday, March 05, 2010 11:36 AM To: Dawood Iqbal Cc: nanog@nanog.org Subject: Re: Best VPN Appliance
The Juniper SA is by far and away the market leader and in my opinion the best end user experience.
On 5 Mar 2010, at 15:57, Dawood Iqbal wrote:
Hello All,
Is it possible to get your ideas on what VPN appliances are good to have in enterprise network?
Requirements are;
SSL
IPSec
Client and Web VPN support (Win/MAC/iPhone/Android)
If webvpn is used, then when any user connects via webvpn, we should be able to re-direct him to any and ONLY specific application i.e SAP.
If 2 boxes are installed then they should replicate data seamlessly.
Regards,
dI
Sent from my Verizon Wireless BlackBerry
Hello All, Thank-you all for reply and sugessting the VPN Box. I'm in the process of evaluating different boxes and they are; SA4500 SSL VPN Appliance http://www.juniper.net/us/en/products-services/security/sa-series/sa4500/ Barracuda SSL VPN http://www.barracudanetworks.com/ns/products/sslvpn_overview.php F5 FirePass SSL VPN http://www.f5.com/products/firepass/ The problem i'm facing so far is MAC OS X compatibility. The demo box i had for Juniper was not able to run Network Connect on MAC OS 10.5.8. From your experience from F5, Juniper and Barracuda, which one will be best in terms of; 1) Support 2) Resiliency 3) Security 4) Scalability 5) Manageability Thanks for all your help. Regards, Dawood Iqbal _________________________________________________________________ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969
For the Juniper box, make sure you are running the 6.5R3 version of code to get the MAC to work. They put a fix in for it. It is working well for us here. http://kb.juniper.net/index?page=content&id=KB16134&actp=search&searchid=1268921120591 I have no experience with either F5 or Barracuda, but we have found the Juniper SSL to be extremely reliable and flexible to suit all of our needs. We have several 2500's deployed. Joe -----Original Message----- From: Dawood Iqbal [mailto:dawood_iqbal@hotmail.com] Sent: Thursday, March 18, 2010 6:17 AM To: nanog@nanog.org Subject: RE: Best VPN Appliance Hello All, Thank-you all for reply and sugessting the VPN Box. I'm in the process of evaluating different boxes and they are; SA4500 SSL VPN Appliance http://www.juniper.net/us/en/products-services/security/sa-series/sa4500/ Barracuda SSL VPN http://www.barracudanetworks.com/ns/products/sslvpn_overview.php F5 FirePass SSL VPN http://www.f5.com/products/firepass/ The problem i'm facing so far is MAC OS X compatibility. The demo box i had for Juniper was not able to run Network Connect on MAC OS 10.5.8. From your experience from F5, Juniper and Barracuda, which one will be best in terms of; 1) Support 2) Resiliency 3) Security 4) Scalability 5) Manageability Thanks for all your help. Regards, Dawood Iqbal _________________________________________________________________ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969
On Mar 18, 2010, at 5:17 AM, Dawood Iqbal wrote: The problem i'm facing so far is MAC OS X compatibility. The demo box i had
for Juniper was not able to run Network Connect on MAC OS 10.5.8.
We use an SA700 (lowest-end model) and I use NC regularly form my Mac, but I am running 10.6.2. I did not have trouble running NC when I was on 10.5 however, but that was several months ago. The biggest trick on the Mac is figuring out how to use a client-side certificate properly...
From your experience from F5, Juniper and Barracuda, which one will be best in terms of;
Speaking only from my experience with the Juniper product: 1) Support When dealing with configuring and troubleshooting the appliance itself, JTAC has been pretty helpful when I've had to call on them. However, it has been hard getting help when dealing with client issues (Bob's PC won't establish tunnel properly, host checker issues, etc.). 2) Resiliency We don't do HA as we only have a handful of users, so I can't speak to this. 3) Security It's good enough for us, and we have lots of rules we have to follow (financial institution). Authentication is hooked into our Active Directory, so passwords are managed from there. We require a client-side certificate issued from a private CA, which works well, even recognizes and enforces certificate revocation lists. 4) Scalability See #2. We have a max of maybe five concurrent users, and that's a rare occurrence. 5) Manageability Set it and forget it. Only thing I have to do is load ESAP updates occasionally (host checker engine definitions). There are a couple useful SNMP oid's but they're not documented very well.
On 3/8/2010 8:37 PM, Blomberg, Orin P (DOH) wrote:
There is also the fact to consider that Cisco has said there will be no support for Windows 64-bit on their IPSEC client, they are pushing people to the AnyConnect (An SSL-based clientless IPSEC) who want to use Windows 64-bit or other OSs, so in the future the argument for having a separate box for client-based IPSEC will be moot.
You can also use the Shrew Soft VPN Client. Comes in various flavors including 64-bit. Greetings, L.
-----Original Message----- From: Stefan Fouant [mailto:sfouant@shortestpathfirst.net] Sent: Monday, March 08, 2010 11:29 AM To: Voll, Toivo; Chris Campbell; Dawood Iqbal Cc: nanog@nanog.org Subject: Re: Best VPN Appliance
Toivo,
The SA Series absolutely supports IPsec if you are using Network Connect. It defaults to using IPsec and if that is not supported then it will fall back to SSL. Of course, NC is not as secure as W-SAM, J-SAM, or Core Access in terms of role and resource granularity control but the support for IPsec is absolutely there.
HTHs.
Stefan Fouant ------Original Message------ From: Voll, Toivo To: Chris Campbell To: Dawood Iqbal Cc: nanog@nanog.org Subject: RE: Best VPN Appliance Sent: Mar 8, 2010 11:56 AM
We're generally happy with our Juniper SA6500s, but they, and a lot of the other SSL VPN vendor appliances will not support IPSec. Cisco's ASA does, but it's less feature-rich in the SSL VPN arena. The Juniper was the most mature and flexible of all the offerings we looked at, but also the most expensive, and it's not perfect either.
Having migrated from Cisco's 3000 series appliances, the current SSL VPNs are a totally different mindset and about two orders of magnitude more complicated. Have a very good understanding of exactly what problem you're trying to solve with the product and what kind of policies and requirements you have to meet, or it's going to be a mess. I can answer more specific questions on our experiences and testing off-list.
-- Toivo Voll University of South Florida Information Technology Communications
-----Original Message----- From: Chris Campbell [mailto:Chris.Campbell@nebulassolutions.com] Sent: Friday, March 05, 2010 11:36 AM To: Dawood Iqbal Cc: nanog@nanog.org Subject: Re: Best VPN Appliance
The Juniper SA is by far and away the market leader and in my opinion the best end user experience.
On 5 Mar 2010, at 15:57, Dawood Iqbal wrote:
Hello All,
Is it possible to get your ideas on what VPN appliances are good to have in enterprise network?
Requirements are;
SSL
IPSec
Client and Web VPN support (Win/MAC/iPhone/Android)
If webvpn is used, then when any user connects via webvpn, we should be able to re-direct him to any and ONLY specific application i.e SAP.
If 2 boxes are installed then they should replicate data seamlessly.
Regards,
dI
Sent from my Verizon Wireless BlackBerry
You are correct; I should have been more pedantic -- the SA series cannot terminate site-to-site IPsec tunnels, according to the sales engineer, unlike the Cisco 3000 series and ASA. -- Toivo Voll University of South Florida Information Technology Communications -----Original Message----- From: Stefan Fouant [mailto:sfouant@shortestpathfirst.net] Sent: Monday, March 08, 2010 2:29 PM To: Voll, Toivo; Chris Campbell; Dawood Iqbal Cc: nanog@nanog.org Subject: Re: Best VPN Appliance Toivo, The SA Series absolutely supports IPsec if you are using Network Connect. It defaults to using IPsec and if that is not supported then it will fall back to SSL. Of course, NC is not as secure as W-SAM, J-SAM, or Core Access in terms of role and resource granularity control but the support for IPsec is absolutely there.
participants (16)
-
Blomberg, Orin P (DOH)
-
Brandon Ewing
-
Dawood Iqbal
-
Jason Gurtz
-
Joe Goldberg
-
John Lightfoot
-
Jon Auer
-
Laurens Vets
-
Matthew Elmore
-
Michael K. Smith - Adhost
-
Mike Callahan
-
Nick Hilliard
-
Scott Howard
-
Stefan Fouant
-
Tony Varriale
-
Voll, Toivo