Anyone used/using Cisco's WebVPN setup?

S

SVT4ME

Limp Gawd
Joined
Feb 2, 2006
Messages
221
Hi gang,
Just started my new job and the first thing they want me to do is change the current VPN setup. The company is about 75% mobile users who VPN in to Terminal Servers. Currently we have a 3Com VPN router on our end, and another identical one on each of their ends. I was looking into the new Cisco VPN Concentrators, and they're really pushing their clientless SSL VPN solution. Literally just pull up an IE session, point it to the IP or name of the VPN box, and Voila..no hardware, no client.

Has anyone used this yet? I'm a little leery considering this is my first week here, but my previous place of employment was 100% Cisco and the stuff is just solid IMO. Not sure how bleeding edge Web based VPN is though.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/index.html

Looking for 10-20 Concurrent users now, scaling to 100+ later.

Thanks guys.
 
our corp just went with some F5 FirePass appliances...everything is done via IE. It is pretty slick.
 
So far so good in my experience. I have been running it on a pair of ASA 5550's for a few month's now. The 5550's will be overkill for 100+ SSL peer's, but the 5510 or 5520 would work.

If you go with the 5520 you can take advantage of VPN clustering and load balancing as well as statefull failover.
 
PHUNBALL said:
So far so good in my experience. I have been running it on a pair of ASA 5550's for a few month's now. The 5550's will be overkill for 100+ SSL peer's, but the 5510 or 5520 would work.

If you go with the 5520 you can take advantage of VPN clustering and load balancing as well as statefull failover.
Click to expand...

Phun, I ran twin 5520's at my previous job. It's utter overkill for this company. We also don't need the firewall aspect, as we run Smoothwall here. Glad to hear the Web based VPN is ok though.
 
SVT4ME said:
Phun, I ran twin 5520's at my previous job. It's utter overkill for this company. We also don't need the firewall aspect, as we run Smoothwall here. Glad to hear the Web based VPN is ok though.
Click to expand...

I know, just thought I would throw out the clustering piece you get with the 5520's in case there was any interest there...
 
ASA 5500's all the way. I really like them. The SSL VPN works well. Depending on your load and whether or not you need fail over, a 5510 works well if the 5520 is overkill. Or, you can get the basic 5505 for about $650.
 
SVT4ME said:
Thanks for the link ;) I was going to Google it, but wasn't sure if there was specific model I needed to look for.
Click to expand...

I don't do anything else than rack & cable them...they don't have model numbers on them that blare out at you.
 
what kind of bandwith are you guys using?

oh and have a look at the SonicWall SSL VPN 2000 or 5000
 
++ASA 5500 series. I work for Cisco, but I was an end-user once too. We used Juniper/Netscreen where I worked last time. I can say that if Cisco's solution back then was what it is now, we'd have used Cisco - since we were an otherwise all-Cisco shop. It's solid stuff, especially for Terminal Server applications.

With that few of users, you can look at using the ASA for other stuff too, such as IPS or firewalling. You could look at the 5510, and it will support up to 250 WebVPN users. If you move up the line to the 5520, it'll support up to 750 users. If you ever scale beyond that, just drop in another ASA 5520 and setup load-balancing VPN cluster. You'd have to setup round-robin DNS-based load-balancing to do it with the 5510.
 
Cisco is years beyond years behind in the SSL VPN market. You haven't used a SSL VPN concentrator until you've used Aventail's devices. The level of configurability is well beyond anything Cisco offers. Aventail may be a bit beyond your needs though as their units are both very expensive and meant for thousands of users.
 
You must log in or register to reply here.
Back
Top