130 likes | 293 Views
UAB VPN Service. David Wolford, Communications Network Specialist. UAB Virtual Private Network. User Services has provided VPN for many years First service was called PopTop and used PPTP Second and current service uses a Cisco 3060 VPN concentrator and uses IPSEC
E N D
UAB VPN Service David Wolford, Communications Network Specialist
UAB Virtual Private Network • User Services has provided VPN for many years • First service was called PopTop and used PPTP • Second and current service uses a Cisco 3060 VPN concentrator and uses IPSEC • We currently average ~ 50 IPSEC concurrent users
System Information • Current appliance is a Cisco 3060 which has been in service for approximately eight years. • We are preparing two Cisco ASA 5550 security appliances to replace our 3060 in the near future. • The Cisco ASA 5550’s will provide load sharing redundancy and will allow us to use the Cisco SSL client.
Reasons to Upgrade Service • Cisco 3060 was originally purchased for wireless users. It was pressed into service with the blocking of Microsoft ports and is now end-of-life by Cisco. • Implementation of border firewall and plans of tighter border security will increase the need. • Cisco is favoring SSL for newer OS platforms like Windows 64-bit.
VPN Client Options • Cisco IPSEC client IPSEC not available for 64 Bit Windows • SSL Client
Departmental VPN Groups • Offers IP addresses from a defined pool of addresses for firewall traversal and resource access • DCNS can add or remove users from groups • Works with SSL and IPSEC VPN
On the Horizon • Integration with campus NAC • Two factor authentication