Educause Security Discussion mailing list archives
Re: VPN service -- Quick Poll
From: Julian Y Koh <kohster () NORTHWESTERN EDU>
Date: Fri, 9 Mar 2012 14:45:34 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri Mar 09 2012 08:18:36 Central Time, Zahid Mehmood wrote:
1. Is your campus using, or does it plan to use, VPN access for remote users?
We have been offering traditional remote access VPN services since 2000.
2 . What vendor(s) and protocols (SSL, IPSec, other) are you using?
We are still using the aging Cisco VPN3000 platform right now for our traditional service, supporting PPTP, L2TP/IPSec, and the Cisco IPSec client. In 2007 we began offering a specialized SSL VPN service for targeted groups of users with the Juniper SA platform. In the coming months we will be replacing the VPN3000s with ASAs, so we will have to drop PPTP support and add the Cisco AnyConnect client as an option.
3. How many concurrent remote users can your system support?
Traditional VPN can theoretically support a /21 of users, but the VPN3000s will start showing slowdowns around 600 users, especially if a lot of them are PPTP users. Normal max load these days is around 300 or so. The SSL VPN service has a hardware limit in the thousands of users, but we're only currently licensed for 500 simultaneous, which is more than enough for now.
4. Do you offer any specialized/custom VPN services for departments, researchers, etc.?
Yes, the SSL VPN service is customized for groups and departments, since that uses split tunneling and reserved IP address ranges. We currently have ~120 distinct groups that have signed up for the service.
5. Is your VPN offering part of your DR plan/requirement?
Yes. - -- Julian Y. Koh <mailto:kohster () northwestern edu> Manager, Network Transport <phone:847-467-5780> Telecommunications and Network Services Northwestern University PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html> -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iEYEARECAAYFAk9aF40ACgkQDlQHnMkeAWMJ6gCgnZeQbtFl/f5VsXoSaVVxDwXX Z8oAn0dRC0e6XnhMTb2oFuCmfKAJk8pq =LKYc -----END PGP SIGNATURE-----
Current thread:
- VPN service -- Quick Poll Zahid Mehmood (Mar 09)
- Re: VPN service -- Quick Poll Cappalli, Tim G @ LSC-ITS (Mar 09)
- Re: VPN service -- Quick Poll Julian Y Koh (Mar 09)
- Re: VPN service -- Quick Poll Zahid Mehmood (Mar 09)
- Re: VPN service -- Quick Poll Julian Y Koh (Mar 09)
- Re: VPN service -- Quick Poll Zahid Mehmood (Mar 09)
- Re: VPN service -- Quick Poll Dennis Bohn (Mar 09)
- Re: VPN service -- Quick Poll Schumacher, Adam J. (Mar 09)
- Re: VPN service -- Quick Poll Aaron Hockett (Mar 09)
- Re: VPN service -- Quick Poll Russ Leathe (Mar 09)
- Re: VPN service -- Quick Poll (documenting the procedures) David Grisham (Mar 09)
- Re: VPN service -- Quick Poll (documenting the procedures) Julian Y Koh (Mar 09)
- Re: VPN service -- Quick Poll (documenting the procedures) Manuel Amaral (Mar 09)
- Re: VPN service -- Quick Poll (documenting the procedures) David Grisham (Mar 09)
- Re: VPN service -- Quick Poll Manuel Amaral (Mar 09)
(Thread continues...)