Re: [WIRELESS-LAN] SSL VPN over wireless
I've been working with a demo from one vendor so far. In my initial meeting with them they had said they had network connect working with Linux and Mac along with Windows. I received the demo unit, and it wasn't working. Turns out I had to load some beta code on the box to get it working. Once I was able to get that loaded, the client was actually getting installed, however, there were problems. In Mac OS X land it wasn't manipulating the routing tables correctly so nothing was getting passed to the newly created tunnel. In Linux land, the tunnel was passing all traffic except DNS lookups.

Working with the engineers, they've gotten the Mac client resolved and I'm running a newer version that seems to be working nice and stable. The Linux client is supposedly fixed also, just waiting for an email on that also.

I've tried both "dynamically deployed" when you log on and "fat clients" and they both seem to work great so far! I have yet to test any PDA clients.

I'm expecting a second vendor demo box to show up in the next week or two that also touts Mac and Linux client support.

Barring any major problems and if I can get the funding we'll probably be going this route. So far I've been pretty pleased with the way it's going to work out I think!

Nicola

On Tue, 2006-06-13 at 17:21 -0400, Jamie A. Stapleton wrote:
> If you have a chance during the demos, I would love to know what you find
> out about network connect working with Linux, Mac, etc. Our current SSL VPN
> requires Windows and IE for network connect.

**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
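A check for the two client symptoms reported in the message above (routes not steering traffic into the tunnel, and DNS not following the tunnel), written as an added example that is not part of the original thread or any vendor's tooling. It assumes a Linux client, IPv4 only, and input in the format of `ip -4 route show` and `/etc/resolv.conf`; the interface names, addresses and sample outputs are constructed.

```python
import ipaddress


def parse_routes(text):
    """Parse Linux `ip -4 route show` output into (network, dev, metric) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or "dev" not in tok[:-1]:
            continue  # blank lines and device-less entries (blackhole, unreachable)
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # not a destination prefix
        dev = tok[tok.index("dev") + 1]
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok[:-1] else 0
        routes.append((net, dev, metric))
    return routes


def egress_dev(routes, ip):
    """Interface the kernel would pick: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]


def parse_resolvers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 2 and tok[0] == "nameserver":
            servers.append(tok[1])
    return servers


def audit(routes_text, resolv_text, tunnel_dev, protected_hosts):
    """List (kind, address, egress_dev) findings for traffic that misses the tunnel."""
    routes = parse_routes(routes_text)
    findings = []
    for host in protected_hosts:
        dev = egress_dev(routes, host)
        if dev != tunnel_dev:
            findings.append(("data-bypass", host, dev))
    for ns in parse_resolvers(resolv_text):
        if ipaddress.ip_address(ns).is_loopback:
            # Local stub resolver: its upstream servers must be checked separately.
            findings.append(("dns-stub", ns, "lo"))
            continue
        dev = egress_dev(routes, ns)
        if dev != tunnel_dev:
            findings.append(("dns-bypass", ns, dev))
    return findings


# Constructed sample: tunnel interface is up but the client installed no routes for it.
ROUTES_NO_TUNNEL_ROUTES = """\
default via 192.168.1.1 dev wlan0 metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 600
10.255.0.0/24 dev tun0 proto kernel scope link src 10.255.0.7
"""

# Constructed sample: full tunnel via two /1 routes that override the default route.
ROUTES_FULL_TUNNEL = ROUTES_NO_TUNNEL_ROUTES + """\
0.0.0.0/1 via 10.255.0.1 dev tun0
128.0.0.0/1 via 10.255.0.1 dev tun0
"""

# Constructed resolver configs: one left pointing at the wireless gateway,
# one rewritten to a resolver behind the tunnel.
RESOLV_LOCAL = "nameserver 192.168.1.1\n"
RESOLV_CAMPUS = "# pushed by VPN client\nnameserver 10.20.0.53\n"

if __name__ == "__main__":
    cases = [
        ("no tunnel routes", ROUTES_NO_TUNNEL_ROUTES, RESOLV_CAMPUS),
        ("tunnel up, resolver unchanged", ROUTES_FULL_TUNNEL, RESOLV_LOCAL),
        ("tunnel up, resolver behind tunnel", ROUTES_FULL_TUNNEL, RESOLV_CAMPUS),
    ]
    for label, routes_text, resolv_text in cases:
        print(label, audit(routes_text, resolv_text, "tun0", ["10.20.30.40"]))
```

The on-link /24 for the wireless subnet is more specific than the /1 tunnel routes, which is why a resolver left at the wireless gateway keeps egressing on `wlan0` even when everything else is tunnelled.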
RE: [WIRELESS-LAN] SSL VPN over wireless
Let me just expound on Jorge's point about scalability. If you decide to use an SSL VPN box you're going to have some cost and management challenges as you move from a small deployment of a few dozen to hundreds or thousands of live connections. Modern wireless infrastructure systems support WPA/WPA2 out of the box, and all the processing happens in the AP or controller rather than in the data center, which is likely deeper into your infrastructure.

It's also about protecting traffic at layer 2 or layer 3. I would prefer to protect as low as possible and add layers of security on top, as necessary.

As brought up in another posting, certain hardware form factors such as game machines, PDAs, and smartphones, don't support VPN clients.

WPA and WPA2 are mature enough, both in the client, infrastructure, and backend, to make it an integral part of your deployment process.

Regards,

Frank Bulk

-----Original Message-----
From: Jorge Bodden [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 14, 2006 8:48 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SSL VPN over wireless

Stephen,

SSL vpn is used for remote users logging in to your network remotely. Although it could solve some of your problems on the remote access side as well as your wireless network side, it might not be the right solution if you have a big enough network. I assume that the vpn portion of SSL stays the same in that all vpn traffic has to end up at the vpn concentrator(s) at some point or another due to the fact that the encryption will take place between the client and concentrator. (I might be mistaken here on this since I do not work with the VPN concentrator so much).

Using 802.1X the authentication will go from client to AP to Radius to Authentication mechanism (LDAP, AD, etc) all of which are the same as VPN. Once the authentication takes place the traffic will no longer go to the concentrators for encryption purposes, which eliminates the chance of a potential bottleneck at the concentrator. The encryption now takes place between the AP and the client. You might still have the potential for a bottleneck at the controller if you are implementing LightWeight AP Protocol (lwapp) because then all your traffic now has to go to the controllers. Although this solution might add overhead, one device will control traffic for internal users, while another controls traffic for external users.

Please keep in mind that this solution is more scalable for larger networks. If your network is small enough you should be able to get away with SSL VPN.

Thanks.

Jorge Bodden

This electronic message is intended to be for the use only of the named recipient, and may contain information that is confidential or privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received this message in error or are not the named recipient, please notify us immediately by contacting the sender at the electronic mail address noted above, and delete and destroy all copies of this message. Thank you.
RE: [WIRELESS-LAN] SSL VPN over wireless
We already have about 130 APs deployed across all our campuses and are deploying an additional 200 or so... Management of the AP is all about perspective, you can manage an AP or you can manage a system that manages the AP. In our case we have automated most of the management of code upgrades, config generation, and such, the only time I might have to actually log on to an AP is to look to see if a client is associated...

I can't tell you the number of vendors that tell me their solution will take away the management of the APs so I don't have to do it, but when I tell them I don't do anything now except use a couple tools to deploy and program them, they don't know what to say. They are no different management wise in my eyes as our edge switches, they have a config and they have software... most APs will even auto-choose a channel for you if you're not sure which one to put them on...

I have seen no major benefit to going to lightweight, in fact, have seen numerous disadvantages (such as the controller).. In our case wireless is an overlay to a wired network, not a replacement.

Nicola

-----Original Message-----
From: Jorge Bodden [mailto:[EMAIL PROTECTED]
Sent: Wed 6/14/2006 11:07 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SSL VPN over wireless

You are using FAT APs. How many APs are you planning on deploying? FAT APs are great if you have a small setup. But once you start exceeding a couple of hundred APs they tend to become a management nightmare just for channel assignment and basic configurations.

Yes. You can always construct a highway with enough lanes and expansion is always a possibility. My point was more along the lines of where you want your entrances, exits and tolls on your highway. By properly selecting those strategic points the cost of expansion may be avoided unless absolutely necessary.

2500 connections is a pretty large amount of connections to handle. But wireless is expanding very fast. It starts as a luxury that turns into a commodity right before your very eyes.

JB
Re: [WIRELESS-LAN] SSL VPN over wireless
You are using FAT APs. How many APs are you planning on deploying? FAT APs are great if you have a small setup. But once you start exceeding a couple of hundred APs they tend to become a management nightmare just for channel assignment and basic configurations.

Yes. You can always construct a highway with enough lanes and expansion is always a possibility. My point was more along the lines of where you want your entrances, exits and tolls on your highway. By properly selecting those strategic points the cost of expansion may be avoided unless absolutely necessary.

2500 connections is a pretty large amount of connections to handle. But wireless is expanding very fast. It starts as a luxury that turns into a commodity right before your very eyes.

JB

Foggi, Nicola wrote:
> We are only using "FAT" APs so we're not concerned with the
> controller based problem of concentrating the traffic, but as for the
> terminations on the VPN box, it's of course always a concern, however,
> you obviously need to buy a scalable system. Many of the systems
> these days (at least enterprise ones) will cluster to allow thousands
> of simultaneous users. It's the same problem if you are running a
> traditional IPSEC VPN, how many users do you want to put on one box.
>
> In our scenario we are planning 1000 simultaneous users, the boxes we
> are looking at support around 2500 simultaneous on one box and if you
> cluster a second one in there 5000. I don't have that many users to
> actually know how well it works, but I don't think I'll exceed 2000 in
> the next couple of years...
>
> Nicola
RE: [WIRELESS-LAN] SSL VPN over wireless
We are only using "FAT" APs so we're not concerned with the controller based problem of concentrating the traffic, but as for the terminations on the VPN box, it's of course always a concern, however, you obviously need to buy a scalable system. Many of the systems these days (at least enterprise ones) will cluster to allow thousands of simultaneous users. It's the same problem if you are running a traditional IPSEC VPN, how many users do you want to put on one box.

In our scenario we are planning 1000 simultaneous users, the boxes we are looking at support around 2500 simultaneous on one box and if you cluster a second one in there 5000. I don't have that many users to actually know how well it works, but I don't think I'll exceed 2000 in the next couple of years...

Nicola

-----Original Message-----
From: Jorge Bodden [mailto:[EMAIL PROTECTED]]
Sent: Wed 6/14/2006 8:48 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SSL VPN over wireless

Stephen,

SSL vpn is used for remote users logging in to your network remotely. Although it could solve some of your problems on the remote access side as well as your wireless network side, it might not be the right solution if you have a big enough network. I assume that the vpn portion of SSL stays the same in that all vpn traffic has to end up at the vpn concentrator(s) at some point or another due to the fact that the encryption will take place between the client and concentrator. (I might be mistaken here on this since I do not work with the VPN concentrator so much).

Using 802.1X the authentication will go from client to AP to Radius to Authentication mechanism (LDAP, AD, etc) all of which are the same as VPN. Once the authentication takes place the traffic will no longer go to the concentrators for encryption purposes, which eliminates the chance of a potential bottleneck at the concentrator. The encryption now takes place between the AP and the client. You might still have the potential for a bottleneck at the controller if you are implementing LightWeight AP Protocol (lwapp) because then all your traffic now has to go to the controllers. Although this solution might add overhead, one device will control traffic for internal users, while another controls traffic for external users.

Please keep in mind that this solution is more scalable for larger networks. If your network is small enough you should be able to get away with SSL VPN.

Thanks.

Jorge Bodden
RE: [WIRELESS-LAN] SSL VPN over wireless
I hope to be working on getting a demo from a couple of vendors in the next couple of weeks so I can have something tested and in place by Aug! One of the first criteria for us in even starting to look for it is a client to work with Windows, Mac, and Linux! :) The second requirement is no fat client (as we don't want to install software on students' PCs) but I'll probably evaluate one with it just to see how bad it might be!

I'll definitely keep ya posted...

Nicola

-----Original Message-----
From: Jamie A. Stapleton [mailto:[EMAIL PROTECTED]]
Sent: Tue 6/13/2006 4:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SSL VPN over wireless

If you have a chance during the demos, I would love to know what you find out about network connect working with Linux, Mac, etc. Our current SSL VPN requires Windows and IE for network connect.
Re: [WIRELESS-LAN] SSL VPN over wireless
Stephen,

SSL vpn is used for remote users logging in to your network remotely. Although it could solve some of your problems on the remote access side as well as your wireless network side, it might not be the right solution if you have a big enough network. I assume that the vpn portion of SSL stays the same in that all vpn traffic has to end up at the vpn concentrator(s) at some point or another due to the fact that the encryption will take place between the client and concentrator. (I might be mistaken here on this since I do not work with the VPN concentrator so much).

Using 802.1X the authentication will go from client to AP to Radius to Authentication mechanism (LDAP, AD, etc) all of which are the same as VPN. Once the authentication takes place the traffic will no longer go to the concentrators for encryption purposes, which eliminates the chance of a potential bottleneck at the concentrator. The encryption now takes place between the AP and the client. You might still have the potential for a bottleneck at the controller if you are implementing LightWeight AP Protocol (lwapp) because then all your traffic now has to go to the controllers. Although this solution might add overhead, one device will control traffic for internal users, while another controls traffic for external users.

Please keep in mind that this solution is more scalable for larger networks. If your network is small enough you should be able to get away with SSL VPN.

Thanks.

Jorge Bodden

Stephen Holland wrote:
> I would like to know if anybody is using SSL vpn as an
> authentication/encryption mechanism for wireless and how successful they
> have been deploying it.
>
> Also, I would be curious to know what other folks think about implementing
> 802.1x. Specifically do you believe this is something that will be
> required in the next couple of years to support evolving technology like
> VoIP phones?
>
> I'm trying to decide if I should deploy an SSL vpn solution without
> deploying 802.1x. My instinct tells me to plan for 802.1x but I would be
> curious to hear what others think.
>
> Thanks
>
> Stephen Holland
> Network Engineer
> Northeastern University
Re: [WIRELESS-LAN] SSL VPN over wireless
I agree with most responses so far with respect to SSL VPNs.

At Emory, we started out using PPTP VPNs for authentication and encryption. Last fall, we started offering WPA/WPA2 (802.1x using PEAP) in addition to VPN authentication. We've been working hard at migrating users from VPN access to WPA access since the start of Spring semester.

From a user perspective, WPA/WPA2 is a MUCH nicer user experience, especially with Win XP and Macs. Once the user's laptop is set up for WPA, their credentials are cached and they automatically associate & authenticate when they are within network range. It's like connecting to an open wireless system, but with authentication and much better encryption than WEP offers.

In contrast, VPN access users need to associate to the wireless network, then start their VPN client to gain network access. Hitting a coverage hole or high levels of interference can (and does) cause their VPN connection to drop, necessitating the user to reconnect. I'm not sure how SSL VPNs handle network connection loss, but would recommend you add that test to your evaluation plan.

VoIP phones are coming as well, but currently all the models I've seen at best only support WPA-PSK (Pre-Shared Key), not WPA-Enterprise (802.1x), and at worst support WEP or no encryption. Because of the security issues, we've created a special virtual WLAN and SSID to segment and lock down network access for the VoIP phones on our network.

Game consoles and other wireless devices can't access our wireless network because they don't support WPA/802.1x or login via our guest captive portal. This is not necessarily a bad thing (so far).

In summary, I would recommend enduring the pain (?) of deploying WPA/WPA2 (802.1x) because of the much stronger security it gives over WEP or an open system and the user ease of use over VPN solutions. Of course, VPN is a "lowest common denominator" for wireless users that can't do WPA, and I see a place for it, as well.

FWIW - Emory is running an Aruba system with 1100+ APs (and growing).

Stan Brooks - CWNA/CWSP
Emory University
Network Communications Division
404.727.0226
[EMAIL PROTECTED]
AIM: WLANstan Yahoo!: WLANstan MSN: [EMAIL PROTECTED]

Original Message
From: Stephen Holland
Date: 6/13/2006 5:00 PM

I would like to know if anybody is using SSL vpn as an authentication/encryption mechanism for wireless and how successful they have been deploying it.

Also, I would be curious to know what other folks think about implementing 802.1x. Specifically do you believe this is something that will be required in the next couple of years to support evolving technology like VoIP phones?

I'm trying to decide if I should deploy an SSL vpn solution without deploying 802.1x. My instinct tells me to plan for 802.1x but I would be curious to hear what others think.

Thanks

Stephen Holland
Network Engineer
Northeastern University
RE: [WIRELESS-LAN] SSL VPN over wireless
We've had very good luck with 802.1x over EAP-TLS and EAP-PEAP. PEAP has been great on WinXP and Mac and offering both provides options for Linux or Palm and PPC. However devices like NintendoDS or Sony Aibo are left without options. SSL VPN with proxy and a "network port connect" option may provide more flexibility there. With many systems like Enterasys, Meru, Trapeze, etc it is possible to set multiple ESSID's up on your AP's with different security policies so using SSL VPN for your common devices and later offering 802.1x WPA etc for phones or whatever other devices you have may be the best way to go if you don't want to go only 1x. We have been testing an Aventail SSL VPN box in our lab for a while now using all three connect options, the proxy, the clientless web based port mapping and the "hard client." I've been quite pleased so far and could see this device replacing our aging PPTP VPN for remote users. It would work quite well for wireless. Mike - Michael G. Ruiz, ESSE ACP A+ Network and Systems Engineer Hobart and William Smith Colleges Information Technology Services P.315-781-3711 F.315-781-3409 Team Leader: Derek Lustig ([EMAIL PROTECTED]) Did you know that HWS Students, Faculty, Staff, Alums, etc can purchase computers, accessories, electronics and software at a discount through our partner CDW-G? http://www.cdwg.com/hws/ - From: Jamie A. Stapleton [mailto:[EMAIL PROTECTED] Sent: Tue 6/13/2006 5:21 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] SSL VPN over wireless If you have a chance during the demos, I would love to know what you find out about network connect working with Linux, Mac, etc. Our current SSL VPN requires Windows and IE for network connect. -Original Message- From: Foggi, Nicola [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 13, 2006 5:13 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] SSL VPN over wireless We are actually researching this current idea right now. 
Between 802.1x and the SSL VPN we are leaning towards the SSL VPN with what some vendors call "network connect" application that's delivered via the web login. Our goal is not have to deal with the problems of 802.1x clients across different students laptops as we don't control what they bring, at the same time provide as close to zero configuration required to get on the wireless. Our current method is WEP with a NetReg type system, so while it's a one time setup, then just a login, we were interessted in seeing how much easier we can make it. In reviewing the numerous SSL VPN's out there, we're leaning towards the ones that can deliver the network connect client (so most if not all applications work) via the web vs a fat client, so students don't have to install anything... I'll let you know how our demo's go! Nicola Foggi Networks and Telecom DePaul University -Original Message- From: Stephen Holland [mailto:[EMAIL PROTECTED] Sent: Tue 6/13/2006 4:00 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] SSL VPN over wireless I would like to know if anybody is using SSL vpn as an authentication/encryption mechanism for wireless and how successful they have been deploying it. Also, I would be curious to know what other folks think about implementing 802.1x. Specifically do you believe this is something that will be required in the next couple of years to support evolving technology like VoIP phones?. I'm trying to decide if I should deploy an SSL vpn solution without deploying 802.1x. My instinct tells me to plan for 8021x but I would be curious to hear what others think. Thanks Stephen Holland Network Engineer Northeastern University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. 
RE: [WIRELESS-LAN] SSL VPN over wireless
If you have a chance during the demos, I would love to know what you find out about network connect working with Linux, Mac, etc. Our current SSL VPN requires Windows and IE for network connect.

-----Original Message-----
From: Foggi, Nicola [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 13, 2006 5:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SSL VPN over wireless

We are actually researching this current idea right now. Between 802.1x and the SSL VPN we are leaning towards the SSL VPN with what some vendors call a "network connect" application that's delivered via the web login. Our goal is not to have to deal with the problems of 802.1x clients across different students' laptops, as we don't control what they bring, and at the same time provide as close to zero configuration required to get on the wireless. Our current method is WEP with a NetReg type system, so while it's a one-time setup, then just a login, we were interested in seeing how much easier we can make it.

In reviewing the numerous SSL VPNs out there, we're leaning towards the ones that can deliver the network connect client (so most if not all applications work) via the web vs a fat client, so students don't have to install anything...

I'll let you know how our demos go!

Nicola Foggi
Networks and Telecom
DePaul University

-----Original Message-----
From: Stephen Holland [mailto:[EMAIL PROTECTED]
Sent: Tue 6/13/2006 4:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] SSL VPN over wireless

I would like to know if anybody is using SSL VPN as an authentication/encryption mechanism for wireless and how successful they have been deploying it. Also, I would be curious to know what other folks think about implementing 802.1x. Specifically, do you believe this is something that will be required in the next couple of years to support evolving technology like VoIP phones? I'm trying to decide if I should deploy an SSL VPN solution without deploying 802.1x. My instinct tells me to plan for 802.1x but I would be curious to hear what others think.

Thanks

Stephen Holland
Network Engineer
Northeastern University
RE: [WIRELESS-LAN] SSL VPN over wireless
We are actually researching this current idea right now. Between 802.1x and the SSL VPN we are leaning towards the SSL VPN with what some vendors call a "network connect" application that's delivered via the web login. Our goal is not to have to deal with the problems of 802.1x clients across different students' laptops, as we don't control what they bring, and at the same time provide as close to zero configuration required to get on the wireless. Our current method is WEP with a NetReg type system, so while it's a one-time setup, then just a login, we were interested in seeing how much easier we can make it.

In reviewing the numerous SSL VPNs out there, we're leaning towards the ones that can deliver the network connect client (so most if not all applications work) via the web vs a fat client, so students don't have to install anything...

I'll let you know how our demos go!

Nicola Foggi
Networks and Telecom
DePaul University

-----Original Message-----
From: Stephen Holland [mailto:[EMAIL PROTECTED]
Sent: Tue 6/13/2006 4:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] SSL VPN over wireless

I would like to know if anybody is using SSL VPN as an authentication/encryption mechanism for wireless and how successful they have been deploying it. Also, I would be curious to know what other folks think about implementing 802.1x. Specifically, do you believe this is something that will be required in the next couple of years to support evolving technology like VoIP phones? I'm trying to decide if I should deploy an SSL VPN solution without deploying 802.1x. My instinct tells me to plan for 802.1x but I would be curious to hear what others think.

Thanks

Stephen Holland
Network Engineer
Northeastern University
RE: [WIRELESS-LAN] SSL VPN over wireless
We currently use Bluesocket for wireless without encryption. We own a Cisco SSL-capable VPN that we put in place for remote users. I like to treat wireless as a "sort of remote" user, so we are looking into using the SSL for this. Also, since there is a good chance that the same user that needs/wants wireless access on campus may take that machine on the road, you can architect a solution that allows them the exact same mechanism in both cases so they do not have to learn something new and you do not need to deploy 2 solutions. We also have CCA for student dorms that we plan to start using on the wireless.

I am sure 1x is in the future, but do not think a simple VPN deployment will be counterproductive to that future... no matter how soon it is.

Let me know if you would like to discuss any details of what we are doing or planning to do.

Thank you,

Gregory R. Scholz
Lead Network Engineer
Information Technology Group
Keene State College
(603)358-2070
--Lead, follow, or get out of the way. (author unknown)

-----Original Message-----
From: Stephen Holland [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 13, 2006 5:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] SSL VPN over wireless

I would like to know if anybody is using SSL VPN as an authentication/encryption mechanism for wireless and how successful they have been deploying it. Also, I would be curious to know what other folks think about implementing 802.1x. Specifically, do you believe this is something that will be required in the next couple of years to support evolving technology like VoIP phones? I'm trying to decide if I should deploy an SSL VPN solution without deploying 802.1x. My instinct tells me to plan for 802.1x but I would be curious to hear what others think.

Thanks

Stephen Holland
Network Engineer
Northeastern University