Educause Security Discussion mailing list archives
Re: VPN Concentrator replacement
From: Mike Wiseman <mike.wiseman () UTORONTO CA>
Date: Wed, 8 May 2019 12:38:31 +0000
We are in the process of consolidating various VPN services into an ASA/AnyConnect service (not quite what you wanted to hear I think). The service consists of three parts: Enterprise application access: MFA using Gemalto eToken, group-based authorization implemented on ASA using the DAP (dynamic access policies) feature. 1.3 K concurrent users Dept Secure Access: same as above but departments can configure secure access to their services and manage the authorization (new - no stats on this yet) General Purpose: single factor authn (plans to add a mobile MFA service), no authorization capability, just an IP in the University's network. 100 concurrent users Mike Mike Wiseman Associate Director, Information Security Information Technology Services University of Toronto 978-1267 Information Security Is Everyone's Responsibility. Learn more: http://securitymatters.utoronto.ca <http://securitymatters.utoronto.ca/> This email and any attachments contain privileged and / or confidential information for internal University of Toronto communication only unless otherwise indicated. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Akey, Michael Sent: Tuesday, May 07, 2019 4:51 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] VPN Concentrator replacement Hello Security list, At OSU we're looking to replace our aging Cisco ASA devices with a new VPN solution. We wanted to know what other higher-ed institutions are using these days with regards to VPN for end users (not site-to-site/cloud VPN). Our current solution was very over-built for how it was ultimately used and we only have about 100-300 concurrent users on any given day. Any solution we go with must support Duo 2fa - though I'm seeing that nearly any VPN service is supported by way of a RADIUS shim or custom login pages for SSL web VPNs. If you've recently moved to a new VPN solution and are willing to briefly share your experiences with certain vendors/products I would appreciate it. If you know of a good article or existing survey of what other higher-ed institutions use for client VPNs I'd love that too. Thank you, Mike Akey Systems Engineer, IT Infrastructure University Information and Technology | Oregon State University 541-737-4948 | uit.oregonstate.edu
Attachment:
smime.p7s
Description:
Current thread:
- VPN Concentrator replacement Akey, Michael (May 07)
- Re: VPN Concentrator replacement Telfer, Will (May 07)
- Re: VPN Concentrator replacement Francisco Chavez (May 07)
- Re: VPN Concentrator replacement Bandy, John (May 08)
- Re: VPN Concentrator replacement Pardonek, Jim (May 08)
- Re: VPN Concentrator replacement King, Ronald A. (May 08)
- Re: VPN Concentrator replacement Francisco Chavez (May 07)
- Re: VPN Concentrator replacement Telfer, Will (May 07)
- Re: VPN Concentrator replacement Brian Epstein (May 07)
- Re: VPN Concentrator replacement Mike Wiseman (May 08)
- Re: VPN Concentrator replacement Dugan, Darin D [ITSYS] (May 08)