[c-nsp] VPN client 64 bit
Joel M Snyder
Joel.Snyder at Opus1.COM
Wed Aug 15 17:54:30 EDT 2007
> Personally, I don't understand why SSL VPN is perceived as a
> Better(TM) solution than IPSec VPN, but maybe that's just me.
> Maybe what is better, is the fact that SSL VPN is licensed?
SSL VPN uses port 443 and TCP, and while those of us who know networks would
much prefer the IP-protocol version of ESP, the cold hard reality of lousy NAT
boxes and stupid network managers and inane security policies and other security
theater is that if you tunnel your VPN through port 443, then it gets through a
heck of a lot better than any other option.

If you wanted to mux-up IKE+ESP on port 443, that would get you 90% of the way
there, although some proxies would obviously figure out that you were funnin'
them and not let it through.

"SSL VPN just works."

I'm not ready to call this "better," but I'll say that "just works" has a lot
going for it.

jms
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One Phone: +1 520 324 0494
jms at Opus1.COM http://www.opus1.com/jms