Educause Security Discussion mailing list archives

Re: VPN Concentrator replacement


From: Mike Wiseman <mike.wiseman () UTORONTO CA>
Date: Wed, 8 May 2019 12:38:31 +0000

We are in the process of consolidating various VPN services into an
ASA/AnyConnect service (not quite what you wanted to hear I think). The
service consists of three parts:

Enterprise application access: MFA using Gemalto eToken, group-based
authorization implemented on ASA using the DAP (dynamic access policies)
feature. 1.3 K concurrent users

Dept Secure Access: same as above but departments can configure secure
access to their services and manage the authorization (new - no stats on
this yet)

General Purpose: single factor authn (plans to add a mobile MFA service), no
authorization capability, just an IP in the University's network. 100
concurrent users

Mike

Mike Wiseman
Associate Director, Information Security
Information Technology Services
University of Toronto
978-1267

Information Security Is Everyone's Responsibility. Learn more:
http://securitymatters.utoronto.ca

This email and any attachments contain privileged and / or confidential
information for internal University of Toronto communication only unless
otherwise indicated.

From: The EDUCAUSE Security Community Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Akey, Michael
Sent: Tuesday, May 07, 2019 4:51 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] VPN Concentrator replacement

Hello Security list,

At OSU we're looking to replace our aging Cisco ASA devices with a new VPN
solution.  We wanted to know what other higher-ed institutions are using
these days with regards to VPN for end users (not site-to-site/cloud VPN).
Our current solution was very over-built for how it was ultimately used and
we only have about 100-300 concurrent users on any given day.  Any solution
we go with must support Duo 2fa - though I'm seeing that nearly any VPN
service is supported by way of a RADIUS shim or custom login pages for SSL
web VPNs.

If you've recently moved to a new VPN solution and are willing to briefly
share your experiences with certain vendors/products I would appreciate it.
If you know of a good article or existing survey of what other higher-ed
institutions use for client VPNs I'd love that too.

Thank you,

Mike Akey
Systems Engineer, IT Infrastructure
University Information and Technology | Oregon State University
541-737-4948 | uit.oregonstate.edu 
