[VPN] Re: SSL VPN testing results available

Joel M Snyder Joel.Snyder at Opus1.COM
Wed Dec 21 15:54:55 EST 2005 


Joseph S D Yao wrote:
> On Tue, Dec 20, 2005 at 09:59:21AM -0700, Joel M Snyder wrote:
> 
>>A very very large review / test I just completed has finally been 
>>published by Network World:
>>
>>http://www.networkworld.com/reviews/2005/121905-ssl-test-intro.html
> 
> Joel, mildly curious why Cisco is not included.

Cisco is in a state of disarray.  They are not committed to the 3000 
series, since it's really end-of-life hardware, but that's where their 
good SSL VPN software is.  The ASA series, which is their New Best Idea 
for security is several major revisions behind on the SSL VPN 
capabilities. So Cisco said "hey, don't evaluate us because we don't 
have good software right now."  (I'm not leaking any secret information 
here; I don't know FOR SURE that the 3000 is essentially EOL, but it 
sure is very old hardware and I can't imagine that they will be pushing 
that hardware platform when they have the new ASA stuff to go for.)

Actually, what they said is that the good software would be available on 
the ASA by the time the article is published and they didn't want the 
review to mis-represent what was shipping at the moment the review was 
published.  And they were very specific that they didn't want the 3000 
series incorporated.  But, surprise, surprise, the SSL VPN stuff on the 
ASA hasn't been brought up to speed yet (but will any day now, I'm 
absolutely sure).

I don't think that Cisco has really demonstrated the kind of interest in 
the SSL VPN market that other vendors have.  In part, this is because 
they don't have to.  Look at the 3000 series, the Altiga boxes.  Very 
very hot stuff, which means that their need to have a good remote access 
story is less.  Compare that to the top products in the review: Juniper, 
F5, Nokia.  None of those has had a decent story for remote access, 
meaning that it is that much more important that they do a great job in 
SSL VPN.  (Aventail is a bit of an anomaly here, since they DO have a 
good remote access story, AND they have a great SSL VPN product, but for 
every rule there's an exception).

I think that Cisco is going to be in the same bucket as Nortel and Check 
Point. All three have outstanding IPsec solutions, which really takes 
the pressure off of them to do a good SSL remote access solution. None 
of them are really striving to be top-tier in the way that folks like 
Juniper MUST in order to be credible.

Hmmm.  I guess that was more than you wanted to know.  Stuck in the 
airport, got nothing to do but blather...

jms

-- 
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice)  +1 520 324 0495 (FAX)
jms at Opus1.COM    http://www.opus1.com/jms    Opus One

More information about the VPN mailing list