vpn concentrators

Printable View

January 14th, 2002, 02:42 PM
gold eagle

vpn concentrators

Ok new thread - KorpDeath, hope you follow this one....

Does anyone have rec on cisco vpn (3300) vs rsa ace?

:)
January 14th, 2002, 03:25 PM
Wizeman

Well, I've worked with the RSA ACE servers, and they seem to do their job very well. I am, however, a big proponent of Cisco's (CCNA,CCNP), so I am certain their offering is probably pretty good as well. I would imagine that price would be the deciding factor for this one, cause both of the products are of good quality.

So, I guess I recommend the ACE server, just because I've used it before and it works pretty well in a rather large-scale environment.

Regards,
Wizeman
January 14th, 2002, 07:24 PM
gold eagle

Thks Wizeman. - -Did you use 1 2 or 3 lvl auth on your implementation? Currently kicking around 2 lvl but cost is an issue.

:D - Also like cisco but for this fitup have no real favorite.
January 14th, 2002, 07:32 PM
KorpDeath

HUH?

Sorry. It's too complicated for me to follow.

Actually I use the Alcatel VPN product with it's cert server and radius so I can't help. Pretty secure and I've had some attempts. So I'm sticking with it.
January 14th, 2002, 09:30 PM
iNViCTuS

These are two completely different products. RSA ACE server is used for two-factor authentication using tokens. The Cisco 3000 series is a VPN concentrator, used to terminate VPN tunnels.

Ideally, you would want to use the Cisco VPN for your VPN users, and point all VPN authentication to a separate ACE server.
January 14th, 2002, 09:44 PM
gold eagle

Yeah that's where I'm going iNViCTuS. the rsa part has the vpn component added (actually living on a netra t1). The cisco deal uses a radius. Just wondering what the tradeoffs are.

:confused:
January 14th, 2002, 10:09 PM
iNViCTuS

Actually RSA ACE can also use radius. RSA just uses a small bit of code (agent) that sits on your normal authentication server, radius, TACACS+, LDAP, etc. When a user tries to authenticate to the system, the ACE agent intercepts the request, and prompts you for it's login. The ACE server then passes the information (either accepted or rejected) back to the authentication server which then grants or denies the users access.

So again...ACE has nothing to do with VPN other than the fact that it can be used to AUTHENTICATE a VPN user.
January 15th, 2002, 02:16 AM
Wizeman

Actually, Invictus is right. ACE servers are for authentication with these tokens that change their number at a given time interval, and this along with the user's password is used for authentication. As far as I know, it didn't have any VPN capabilites built in. You are going to have to use a VPN terminator to handle the VPN connections.

Sorry!

Regards,
Wizeman
January 15th, 2002, 02:46 PM
gold eagle

Hmmm. (going to sites ref pgs for more info) Ok, need to do more research on this.

thks all.:cool: