We have gone through tremendous growth with RA VPN clients and decided that SSL VPN will be a better solution for us.
So we started looking and are testing two vendors, Juniper and Aventail. While their products deliver what they promise, I started wondering about ASA, since we are currently running PIX. So I have a few questions about it I hope you can help me with:
1) As far as I see, ASA comes in several 'editions'. Are the 4 editions not just modules or licenses for the same box and IOS? The significance of this is that if we purchase from a different vendor and PIX runs out of steam one day, we will probably upgrade to ASA anyway for its firewall capabilities. We then might sit with two boxes, and both can do SSL VPN. The same applies to IPS. If we do buy ASA, could we some day 'add on' IPS modules if we want to, or is it a new ASA model altogether? Apart from redundancy issues, I am very keen on keeping these things tied together. So instead of going for another vendor, should we go for ASA and add modules as we go along?
2) How does ASA SSL-VPN compare to other vendors? I have seen comparisons (granted, supplied by Juniper putting themselves at the top and Aventail 2nd :). But I cannot really find independent comparisons anywhere.
The Gartner report is more or less what Juniper is advertising, so they are probably not blowing their own horn as much as I thought. Still, always good to double check. I must say their device is great; I have not seen ASA SSL VPN yet, but I would like to compare it. Do you (or anyone else reading this) have any comments on functionality?
Specifics I am after (in order):
1) Security (i.e. authentication methods - ideally we want AD and certificate-based auth)
2) Reporting. One thing that drove me to look for something else was that there is no effective way to see who is doing what with IPSec. The Juniper device has logs to summarize activity like 'user mike connected to mail.company.com at 17:00' or 'user mike tried to connect to finance.company.com and was denied' etc.
3) Ease of use for users. We need to cater for all levels of users.
4) Ease of installation. Ideally no admin intervention.