Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Clientless VPN

Unanswered Question
Feb 11th, 2003
User Badges:

Does anybody knows if Cisco is planning to releas a Clientless VPN solution for their VPN concentrator series devices. Vendors like checkpoint have already done that and I was wondering what is Cisco doing about it.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
gfullage Tue, 02/11/2003 - 19:10
User Badges:
  • Cisco Employee,

Are you referring to SSL-based VPN's, like mentioned here: http://www.nwfusion.com/reviews/2002/1028bgipsecalt.html

If so, then yes, we're working on it. I don't believe anything's been written in stone yet so I can't give you a date or anything, but it is being worked on.

As with any new feature, feel free to push your Account Manager for it. The more customers that ask for something new, the faster it gets in.

ja1064 Mon, 06/02/2003 - 07:14
User Badges:

i am trying to show my boss the difference between a PIX solution and a Citrix Metaframe solution. We have already made an investment in Metaframe so to support some remote users but we have more coming. So the question is whether we expand it or go with a PIX.

I've never used a vpn product before so i don't understand what it looks like from both the user and support/administration.

i see from the articles from the above link that SSL isn't as 'strong'. One author asserts "There are more opportunities for outside attack, the crypto is not as robust and the authentication is not as strong"

well, compared to the nothing we have now, anything is better. Doe Cisco have something that does a comparison?

pdentico Mon, 06/02/2003 - 07:33
User Badges:

It really depends on what you are trying to accomplish. A pix is not a replacement for Citrix. From the VPN standpoint it is a means to connect outside devices securely to the network. It would depend on what the user is trying to get to, and how sensitive the data is as to whether it is worth tossing the citrix out of the equation.

But remember there are insecure(or should I say "less secure") ways to setup the pix VPN as well;-)

a.rajaram Mon, 06/02/2003 - 22:43
User Badges:


Clientless VPN" technology is catching on as the term that describes products that serve as an alternative to traditional IP Security-based VPNs.

These products come into play when an IPSec-based VPN has too much overhead, has too many proprietary extensions, is too expensive or is too limiting to solve the problem at hand. Case in point: An extranet-type VPN, with hundreds or thousands of companies participating, would be almost impossible to manage using off-the-shelf IPSec technology.

Several vendors, including Aventail, Neoteris, Netilla, SafeWeb and TrueDisk, have introduced Secure Sockets Layer (SSL)-based VPN security gateways, while Check Point Software and Nortel have added SSL-based VPN service to their overall VPN products.

The key to SSL-based VPNs is a client application available on everyone's computer: the Web browser. An end user launches a Web browser and then connects, using HTTP-over-SSL, to the SSL security gateway. After the SSL gateway authenticates the user, it proxies the connection - typically using HTTP - to a Web server inside.

One common application example is Web-based e-mail, such as Outlook Web Access (OWA), the Web front end to Microsoft's popular Exchange mail system. By dropping an SSL-based VPN server in front of an OWA Web server, a network manager can add encryption, authentication and control without putting the additional load of SSL encryption directly on the OWA server.




This Discussion