Educause Security Discussion mailing list archives
Re: VPN Concentrator replacement
From: "Dugan, Darin D [ITSYS]" <dddugan () IASTATE EDU>
Date: Wed, 8 May 2019 13:27:19 +0000
Cisco ASA / AnyConnect here for a long time. As soon as they fix the iOS AnyConnect client we'll be changing authentication from LDAP to SAML against our SSO IDP. Users see the SSO login and MFA challenge they're used to from other services, not the AnyConnect username/password window. Makes MFA much more user friendly than RADIUS integration. (Cisco acknowledged bug in iOS AnyConnect where during connection if you navigate away from AnyConnect to approve/retrieve MFA in another app on the same device the connection starts over because you left AnyConnect. Supposed to be fixed in 4.8 "Real Soon Now".) Cheers. -- Darin Dugan Information Technology Iowa State University From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Akey, Michael Sent: Tuesday, May 7, 2019 3:51 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] VPN Concentrator replacement Hello Security list, At OSU we're looking to replace our aging Cisco ASA devices with a new VPN solution. We wanted to know what other higher-ed institutions are using these days with regards to VPN for end users (not site-to-site/cloud VPN). Our current solution was very over-built for how it was ultimately used and we only have about 100-300 concurrent users on any given day. Any solution we go with must support Duo 2fa - though I'm seeing that nearly any VPN service is supported by way of a RADIUS shim or custom login pages for SSL web VPNs. If you've recently moved to a new VPN solution and are willing to briefly share your experiences with certain vendors/products I would appreciate it. If you know of a good article or existing survey of what other higher-ed institutions use for client VPNs I'd love that too. Thank you, Mike Akey Systems Engineer, IT Infrastructure University Information and Technology | Oregon State University 541-737-4948 | uit.oregonstate.edu
Attachment:
smime.p7s
Description:
Current thread:
- VPN Concentrator replacement Akey, Michael (May 07)
- Re: VPN Concentrator replacement Telfer, Will (May 07)
- Re: VPN Concentrator replacement Francisco Chavez (May 07)
- Re: VPN Concentrator replacement Bandy, John (May 08)
- Re: VPN Concentrator replacement Pardonek, Jim (May 08)
- Re: VPN Concentrator replacement King, Ronald A. (May 08)
- Re: VPN Concentrator replacement Francisco Chavez (May 07)
- Re: VPN Concentrator replacement Telfer, Will (May 07)
- Re: VPN Concentrator replacement Brian Epstein (May 07)
- Re: VPN Concentrator replacement Mike Wiseman (May 08)
- Re: VPN Concentrator replacement Dugan, Darin D [ITSYS] (May 08)