Cisco, Nortel to embrace SSL-based VPNs

Cisco and Nortel - arguably the two biggest names in IP Security VPNs - are getting ready to shake up the fast-growing Secure Sockets Layer segment of the market, which they've largely ignored until now.

Cisco today is expected to announce that in January it will add SSL support to its existing VPN 3000 IPSec concentrators. The support will come as a free software upgrade called WebVPN for current customers that have support contracts. Cisco says that over time it will add SSL support to its IOS, making the functionality available to other devices.

Meanwhile, Nortel says it will add SSL support to its Contivity IPSec VPN gear in the second quarter of next year. The company next month is set to release a new hardware platform called VPN Gateway 3050 that will support SSL remote access. An upgrade to the 3050 in the second quarter of next year will support IPSec VPNs.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Cisco and Nortel - arguably the two biggest names in IP Security VPNs - are getting ready to shake up the fast-growing Secure Sockets Layer segment of the market, which they've largely ignored until now.

Cisco today is expected to announce that in January it will add SSL support to its existing VPN 3000 IPSec concentrators. The support will come as a free software upgrade called WebVPN for current customers that have support contracts. Cisco says that over time it will add SSL support to its IOS, making the functionality available to other devices.

Meanwhile, Nortel says it will add SSL support to its Contivity IPSec VPN gear in the second quarter of next year. The company next month is set to release a new hardware platform called VPN Gateway 3050 that will support SSL remote access. An upgrade to the 3050 in the second quarter of next year will support IPSec VPNs.

Nortel already has SSL support on its Alteon load-balancing switch, but this is its first IPSec/SSL product. The new device will cost about $11,000, one-third less than a comparable Alteon box.

The network giants, Cisco in particular because of its enormous corporate installed base, are likely to shake up the young SSL VPN world, which until now has been dominated by relatively new companies with a single focus on SSL remote access. SSL remote access has grown in popularity because it lets users connect securely to corporate networks from any Internet-connected computer, eliminating the need to distribute and manage client software on remote machines. This also gives users more options for connecting, such as at Internet kiosks and wireless hot spots, or via home computers. SSL also can save companies money because it requires less administration.

A wealth of SSL remote-access companies sprung up - some have grown, some have been bought and some have folded - before Cisco and Nortel came up with hybrid SSL/IPSec offerings. The list includes AEP, Aspelle (now folded), Aventail, Netilla, Neoteris (bought by NetScreen Technologies), SafeWeb (bought by Symantec) uRoam (bought by F5 Networks) and Whale Communications. These companies sell gear priced from $3,000 to $10,000, says Joel Conover, principal analyst of enterprise infrastructure for Current Analysis.

Adding SSL functionality at no charge will pressure other vendors to drop prices, which were destined to come down anyway. "Usually when you add functionality, you charge for it," Conover says.

Even before Nortel and Cisco made their moves, they affected users' decisions. Most of the likely customers wanted to see what Cisco would do before adopting SSL remote-access technology in their business networks, says Zeus Kerravala, an analyst with The Yankee Group, which surveyed network executives. "The mass market has been sitting on the sidelines waiting," he says. Now the wait is over.

But for all its clout, Cisco might have waited too long for some customers. Catholic Health Systems of Buffalo, N.Y., has installed SSL remote-access gear from Neoteris because distributing IPSec client software to PCs owned by doctors in private practice didn't work, says Doug Torre, director of networking and technical services for the healthcare provider.