[VPN] Re: SSL VPN testing results available
Joel M Snyder
Joel.Snyder at Opus1.COM
Wed Dec 21 15:54:55 EST 2005
Joseph S D Yao wrote:
> On Tue, Dec 20, 2005 at 09:59:21AM -0700, Joel M Snyder wrote:
>
>>A very very large review / test I just completed has finally been
>>published by Network World:
>>
>>http://www.networkworld.com/reviews/2005/121905-ssl-test-intro.html
>
> Joel, mildly curious why Cisco is not included.
Cisco is in a state of disarray. They are not committed to the 3000
series, since it's really end-of-life hardware, but that's where their
good SSL VPN software is. The ASA series, which is their New Best Idea
for security is several major revisions behind on the SSL VPN
capabilities. So Cisco said "hey, don't evaluate us because we don't
have good software right now." (I'm not leaking any secret information
here; I don't know FOR SURE that the 3000 is essentially EOL, but it
sure is very old hardware and I can't imagine that they will be pushing
that hardware platform when they have the new ASA stuff to go for.)
Actually, what they said is that the good software would be available on
the ASA by the time the article is published and they didn't want the
review to mis-represent what was shipping at the moment the review was
published. And they were very specific that they didn't want the 3000
series incorporated. But, surprise, surprise, the SSL VPN stuff on the
ASA hasn't been brought up to speed yet (but will any day now, I'm
absolutely sure).
I don't think that Cisco has really demonstrated the kind of interest in
the SSL VPN market that other vendors have. In part, this is because
they don't have to. Look at the 3000 series, the Altiga boxes. Very
very hot stuff, which means that their need to have a good remote access
story is less. Compare that to the top products in the review: Juniper,
F5, Nokia. None of those has had a decent story for remote access,
meaning that it is that much more important that they do a great job in
SSL VPN. (Aventail is a bit of an anomaly here, since they DO have a
good remote access story, AND they have a great SSL VPN product, but for
every rule there's an exception).
I think that Cisco is going to be in the same bucket as Nortel and Check
Point. All three have outstanding IPsec solutions, which really takes
the pressure off of them to do a good SSL remote access solution. None
of them are really striving to be top-tier in the way that folks like
Juniper MUST in order to be credible.
Hmmm. I guess that was more than you wanted to know. Stuck in the
airport, got nothing to do but blather...
jms
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice) +1 520 324 0495 (FAX)
jms at Opus1.COM http://www.opus1.com/jms Opus One
More information about the VPN
mailing list