Bringing greater flexibility in implementing Virtual Private Networks for remote users, Cisco Systems Inc. Monday added support for Secure Socket Layer VPN access in its Cisco VPN 3000 Series Concentrators.
The new WebVPN capability, due in a software update for the 3000 Series Concentrators in January, beefs up the models IPSec remote access VPN functions, bringing SSL remote access to Cisco offerings for the first time.
WebVPN provides client-less VPN access for remote users into Web pages, and support for a variety of electronic messaging systems, file sharing as well as non-Web, legacy applications running on mainframes. Users can download a Java applet that enables Telnet or SSH access to such applications, according to Pete Davis, product line manager for remote access VPNs at Cisco in Franklin, Mass.
The new upgrade, free for customers with maintenance contracts, will be a feature of release 4.1 of the software for the 3000 Series Concentrators. It will, however, exact a performance hit to the VPNs for users running both types of connections.
Although no formula has yet been set for determining the optimum mix of each type of user, the 3005 1 rack unit model will be able to support up to 200 IP Sec sessions and 25 VPN clients, Davis said.
Management and configuration of the SSL VPN will be done using the same Web-based interface used for IPSec VPNs. “As an administrator, you can go to a secure Web page on the concentrator and use that to configure IPSec or SSL permissions. The same types of authentication mechanism will be used as well. Those include RADIUS, Windows NT Domain name and Active Directory authentications.
“It still is a fairly small market [for SSL VPNs] at this point. But, we expect there is lot of interest in this functionality. SSL helps to extend remote access to more users than in the past. You now can reach beyond corporate laptops,” Davis said.
In a separate announcement, Cisco added two new models to its 1700 line of security access routers. The new 1711 and 1712 models bring a three-fold performance increase over the existing 1710 router for small and medium-sized business or branch office users.
The routers, which provide VPN, firewall and intrusion-detection capabilities, also bring redundant WAN link capability to a fixed-configuration form factor. The 1711 provides a dial modem backup capability, and the 1712 provides an ISDN backup link. The new models also integrate a four-port LAN switch into the fixed configuration models, which are priced at $1,295 and are available now.