Hi Amit, SSL VPN is port 443 connection so in a way this sort of VPN provides aan authentication page in a browser and once they punch in their credentials, they get a couple of applications published using citrix. Basic way will be to have a VPN Conentrator and create a group for these users, when they login they can authenticate using their RSA token or whatever mode of authentication you choose to use. 2 factor is to have two form of authentication i.e. RSA + password based.
Best approach if to choose between SSL VPN and IPSec VPN, certainly from user point of view SSL VPN is good as they get to see those icons. Anyway you can achieve the same using IPSec VPN too. Just make sure you know their apps and also punch in particular firewall rules/route the VPN subnet. Regards, Samir. On Wed, Jun 1, 2011 at 9:00 PM, <[email protected]> wrote: > Send CCIE_RS mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://onlinestudylist.com/mailman/listinfo/ccie_rs > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of CCIE_RS digest..." > > > Today's Topics: > > 1. Need help on this Design (Amit Jp) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 1 Jun 2011 21:17:41 +0530 > From: Amit Jp <[email protected]> > To: CC IE <[email protected]> > Subject: [OSL | CCIE_RS] Need help on this Design > Message-ID: <[email protected]> > Content-Type: text/plain; charset=ISO-8859-1 > > The customer has requested the ability for their developers to connect > directly to the current services hosted in SITE a), rather than having to > connect to to the 1st Direct network, then come in via the 1st Direct WAN. > They have a number of developers working from home and small offices, so > require some way of connecting from them (VPN or SSL for example). The > customer is a financial service, so 2 factor authentication may be > required. > > > The expectation is that initially there will be 20 users for this service, > but it is expected to grow to up to 100 concurrent users. Users will be > based in the UK and India initially, but access from any internet > connection > globally should be built in. > > Kindly help me in this design.What is 2 factor authentication > What is the difference between SSL and VPn? > What is the best approach for me to take in this particular design ? > > > End of CCIE_RS Digest, Vol 65, Issue 3 > ************************************** > -- Samir Idris _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
