Secure Remote Access (SSL VPN)
Last Saturday we had fun in our annual lunch and I presented about secure mobile remote access (SSL VPN). I wanted to let everyone know that there is a better, easier and safer way to connect to the corporate network remotely.
Different sort of remote access are being used today. It’s a necessity and convenience upon which businesses are relying. VPN (Virtual Private Network) is a mature technology and many big networks are connected to each other by it. The main technologies being used for VPN today are IPSec (IP Security), PPTP (Point to Point Tunneling Protocol), L2TP (Layer 2 Tunneling Protocol) and SSL (Secure Socket Layer). If we categorize them in terms of their use then the VPNs can be of 2 types.
1. Site to site VPN (one network is connected to another network)
2. Mobile VPN (A mobile PC/Notebook/PDA is connected to a network)
For site to site VPN IPSec is the most popular one. In real life it’s usually a secure connection between Head office and branch offices. It’s managed by technical team so, there’s no direct involvement of non-technical users, it’s transparent and seamless for them. It’s proven to be quite effective that way.
As for the mobile VPN, there is a direct and active involvement of the end user, no matter whether they’re technical or non-technical person. So, this one becomes a challenge in terms of security, productivity and manageability. The main problem with mobile IPSec VPN is that it requires the installation of a client software and configuration which makes it quite difficult for the end users and creates a lot of overhead for technical support.
The SSL VPN on the other hand don’t require any dedicated client installation. Basically web browser is the client. If the user knows how to browse a web site then it’s enough. This makes SSL VPN the killer application in mobile secure remote connection. Currently the SSL VPNs are quite expensive compared to IPSec and PPTP but I think they’ll be able to compete price-wise soon.
Most of the Networking vendors are already in the SSL VPN market. Current market leader is Aventail. I’ve had an opportunity to test Aventail and Sonicwall SSL VPN. Aventail has solved most of the problem that SSL VPN needs to solve and other ssl vpns are still quite far behind the leader. E.g. if you have a web application running in your local network heavily relying on java scripts then you might face some problems with sonicwall ssl vpn (I’ve heard that other ssl vpns have similar problems) but Aventail seems to work smoothly. Also Aventail has better security policy control and easier management system.
If you want the best ssl vpn solutions then you should definitely choose Aventail but if you need a cost effective solution then Sonicwall should do the job.
“Current market leader is Aventail” – actually Juniper is market leader by far. It seems Sonic Wall stinks to high heaven. I suggest reading http://www.networkworld.com/reviews/2005/121905-ssl-test-intro.html?review=sslvpn
IIRC infonetics placed juniper 1st, then f5, aventail, nortel and whale (not necessarily in that order).
I’ve seen nortel critisized and f5 bashed for GUI that doesn’t deliver. Aventail are just starting to get their act together.
Thanks for pointing to the detail review. I agree that sonicwall is a poor mans ssl vpn (what to expect from $2000), I’ve got the first hand experience. Good to know that Juniper is doing that well! Anyway my main emphasis was on technology rather than vendor. I got chance to test only these 2 brands 🙂
hello, how to configure openvpn server for Site to site VPN and Mobile VPN on one server
Hendra,
This and this and this might be helpful to you.