Toivo, The SA Series absolutely supports IPsec if you are using Network Connect. It defaults to using IPsec and if that is not supported then it will fall back to SSL. Of course, NC is not as secure as W-SAM, J-SAM, or Core Access in terms of role and resource granularity control but the support for IPsec is absolutely there.
HTHs. Stefan Fouant ------Original Message------ From: Voll, Toivo To: Chris Campbell To: Dawood Iqbal Cc: nanog@nanog.org Subject: RE: Best VPN Appliance Sent: Mar 8, 2010 11:56 AM We're generally happy with our Juniper SA6500s, but they, and a lot of the other SSL VPN vendor appliances will not support IPSec. Cisco's ASA does, but it's less feature-rich in the SSL VPN arena. The Juniper was the most mature and flexible of all the offerings we looked at, but also the most expensive, and it's not perfect either. Having migrated from Cisco's 3000 series appliances, the current SSL VPNs are a totally different mindset and about two orders of magnitude more complicated. Have a very good understanding of exactly what problem you're trying to solve with the product and what kind of policies and requirements you have to meet, or it's going to be a mess. I can answer more specific questions on our experiences and testing off-list. -- Toivo Voll University of South Florida Information Technology Communications -----Original Message----- From: Chris Campbell [mailto:chris.campb...@nebulassolutions.com] Sent: Friday, March 05, 2010 11:36 AM To: Dawood Iqbal Cc: nanog@nanog.org Subject: Re: Best VPN Appliance The Juniper SA is by far and away the market leader and in my opinion the best end user experience. On 5 Mar 2010, at 15:57, Dawood Iqbal wrote: > Hello All, > > > > Is it possible to get your ideas on what VPN appliances are good to have in > enterprise network? > > > > Requirements are; > > SSL > > IPSec > > Client and Web VPN support (Win/MAC/iPhone/Android) > > If webvpn is used, then when any user connects via webvpn, we should be able > to re-direct him to any and ONLY specific application i.e SAP. > > If 2 boxes are installed then they should replicate data seamlessly. > > > > > > Regards, > > dI > Sent from my Verizon Wireless BlackBerry
