[VPN] Universal VPN client

Travis Watson travis at traviswatson.com
Sat Jul 17 11:43:04 EDT 2004


Doug,

I'm sure most everyone on the list would love to do ssl VPN for their 
clients, but cost is the main issue for me and probably most out there. 
For small to mid-sized companies, a 5-figure initial investment probably 
isn't met too well--particularly when they can do it for less than 
$1000. For large companies, ssl VPN (as it is today) becomes 
impractical--even if cost isn't as big a factor. We currently have over 
20,000 VPN users in my company (well, the company I work for, not 
exactly mine). To serve all of them with ssl VPN would require a 
7-figure investment and care and feeding on dozens of termination 
points. We can do it now for under $10 a head with standard IPSec 
clients and just a few pairs of termination points distributed around 
the world.

Plus we have a lot of fruity, home-grown applications that use custom 
tcp-ports (a *lot* of them), that ssl wouldn't seem to be able to do. 
Even common commercial applications are known for using random, or 
custom, tcp high ports--Exchange being the biggest one (OWA just doesn't 
cut it for executives). You mention a windows adapter over SSL--could 
you give us more info on that, please? I'm not familiar with it.

Now if you can get that old Neoteris stuff onto your ASIC, handle layer 
3 without having to futz with the Destops much (hopefully not at all), 
and get the cost toward $10/person, you may well have something. That 
just seems like a lot to ask.

Regards,

Travis


Doug Dooley wrote:

> Just curious – why would you want to deal with the headaches of full 
> client software configuration + management, all the various NAT 
> traversal problems, and Proxy conflict issues associated with legacy 
> Layer 3 tunneling clients (L2TP, PPTP, IPSec)?
>
> SSL VPN devices provide “anytime anywhere” access in three forms:
>
> - Pure clientless (web-based) – Internet café, kiosk, PDA, cell phone, 
> anything with a first-class SSL enabled browser
>
> - Semi clientless (client/server app support) via Java Applet or 
> ActiveX/Win32
>
> - Full Layer 3 access (windows network adapter over SSL)
>
> No client software installation/configuration/management, No NAT 
> traversal problems, No proxy conflicts.
>
> Sorry for the pitch but just thinking - right tool for the right job?
>
> Maybe I’m missing something?
>
> If cap-ex cost of the appliance is the issue, there are cost-effective 
> choices out there.
>
> Just wait a couple of weeks when Juniper announces an extremely cost 
> effective SSL VPN appliance that will resonant with those 
> price-sensitive folks.
>
> Your thoughts…
>
> *Doug Dooley*
> Security Products Group
> Technical Marketing, Manager
>
> ------------------------------------------------------------------------
>
> *From:* vpn-bounces+ddooley=juniper.net at lists.shmoo.com 
> [mailto:vpn-bounces+ddooley=juniper.net at lists.shmoo.com] *On Behalf Of 
> *Jas Chase
> *Sent:* Thursday, July 08, 2004 10:16 AM
> *To:* vpn at lists.shmoo.com
> *Subject:* [VPN] Universal VPN client
>
> Hi All,
>
> Just wanted to know whether there is a universal VPN client for 
> Windows that supports IPSEC, PPTP, L2TP. My reason for asking this is 
> because I do not want to install proprietary Netscreen Client software 
> on my laptop but instead a universal client. Any help would be greatly 
> appreciated. Thanks.
>
> Sincerely,
> Jas Chase
> /K-Swiss MIS/
>
>------------------------------------------------------------------------
>
>_______________________________________________
>VPN mailing list
>VPN at lists.shmoo.com
>http://lists.shmoo.com/mailman/listinfo/vpn
>




More information about the VPN mailing list