Results 1 to 9 of 9

Thread: vpn concentrators

  1. #1
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193

    Question vpn concentrators

    Ok new thread - KorpDeath, hope you follow this one....

    Does anyone have rec on cisco vpn (3300) vs rsa ace?

    Trappedagainbyperfectlogic.

  2. #2
    Senior Member
    Join Date
    Jul 2001
    Posts
    143
    Well, I've worked with the RSA ACE servers, and they seem to do their job very well. I am, however, a big proponent of Cisco's (CCNA,CCNP), so I am certain their offering is probably pretty good as well. I would imagine that price would be the deciding factor for this one, cause both of the products are of good quality.

    So, I guess I recommend the ACE server, just because I've used it before and it works pretty well in a rather large-scale environment.

    Regards,
    Wizeman
    \"It\'s only arrogrance if you can\'t back it up, otherwise it is confidence.\" - Me

  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193

    Smile

    Thks Wizeman. - -Did you use 1 2 or 3 lvl auth on your implementation? Currently kicking around 2 lvl but cost is an issue.

    - Also like cisco but for this fitup have no real favorite.
    Trappedagainbyperfectlogic.

  4. #4
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628

    HUH?

    Sorry. It's too complicated for me to follow.

    Actually I use the Alcatel VPN product with it's cert server and radius so I can't help. Pretty secure and I've had some attempts. So I'm sticking with it.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    These are two completely different products. RSA ACE server is used for two-factor authentication using tokens. The Cisco 3000 series is a VPN concentrator, used to terminate VPN tunnels.

    Ideally, you would want to use the Cisco VPN for your VPN users, and point all VPN authentication to a separate ACE server.

  6. #6
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    Yeah that's where I'm going iNViCTuS. the rsa part has the vpn component added (actually living on a netra t1). The cisco deal uses a radius. Just wondering what the tradeoffs are.

    Trappedagainbyperfectlogic.

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Actually RSA ACE can also use radius. RSA just uses a small bit of code (agent) that sits on your normal authentication server, radius, TACACS+, LDAP, etc. When a user tries to authenticate to the system, the ACE agent intercepts the request, and prompts you for it's login. The ACE server then passes the information (either accepted or rejected) back to the authentication server which then grants or denies the users access.

    So again...ACE has nothing to do with VPN other than the fact that it can be used to AUTHENTICATE a VPN user.

  8. #8
    Senior Member
    Join Date
    Jul 2001
    Posts
    143
    Actually, Invictus is right. ACE servers are for authentication with these tokens that change their number at a given time interval, and this along with the user's password is used for authentication. As far as I know, it didn't have any VPN capabilites built in. You are going to have to use a VPN terminator to handle the VPN connections.

    Sorry!

    Regards,
    Wizeman
    \"It\'s only arrogrance if you can\'t back it up, otherwise it is confidence.\" - Me

  9. #9
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193

    Unhappy

    Hmmm. (going to sites ref pgs for more info) Ok, need to do more research on this.

    thks all.
    Trappedagainbyperfectlogic.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •