Re: SSL VPN

[Security <security () davidswafford com>]

Based on the amount of growth you have upcoming, have you considered  
putting VPN services on a separate box and let your firewall be  
dedicated to being just a firewall?  We currently run a pair of PIXs  
as our external firewall and have a Cisco VPN 3060 Concentrator for  
vpn.  Though if you are looking to buy now, the VPN 3000 series from  
Cisco is being EOL'd soon.  We are replacing the PIX/3060 setup with 4  
ASA 5520s in the next few months, a pair for VPN and a pair for  
Firewall services.  For the record, we on usually have about 100-120  
concurrent VPN sessions, about 80-90 of that are remote users.

David.


On Jan 15, 2008, at 10:16 AM, Kartik wrote:

> Hi List,
>
> Currently we have 100+ home users who connect to our VPN gateway
> (IPSEC) and access the resources. As the business is growing, within a
> couple of months we'll be having more than 300 users operating from
> home.
>
> Management asked us to give them a "cost effective" solution to
> migrate the existing home users to "SSL VPN" so that there won't be
> any requirement of installing the software client etc (keeping in mind
> that the associates working from home will be growing) and it will be
> more secure.
>
> We also have a Cisco ASA as a perimeter firewall on our network on
> which we can configure the SSL VPN but cpu utilization on the ASA is
> somewhere near 40%.
>
> I would like to know the cost effective way to implement the same. I
> would also like to know the products in the market which supports SSL
> VPN or shall we go ahead and implement SSL VPN on our existing ASA
> firewall? Will it consume a lot of cpu utilization on it?
>
> --
> Thanx,
> Kartik
> www.hcl.in
> +1 408 416 2089 X 5313
> +91 9810998169