Cisco has put its most-advanced SSL VPN technology into its Adaptive Security Appliance 5540 with Version 7.1. In our test of a late beta of that software, we found that while it provides a solid and compact feature set for creating smaller SSL VPN extranets or adding SSL VPN network extension to improve compatibility for road warriors, it does not equal the capabilities of stand-alone SSL VPN products.
The Cisco ASA has a more advanced SSL VPN feature set than the VPN 3000 series it will eventually replace. Additionally, Cisco will let you add a less sophisticated SSL VPN feature set to both IOS routers and Catalyst 6500-series switches (in the form of an SSL VPN service module).
We put the Cisco ASA through a slightly reduced version of the testing cycle we used in our recent industrywide test.
In our authentication and authorization tests, we discovered that while the ASA claims to support Active Directory and Sun's Lightweight Directory Access Protocol server, it didn't support our schema of the Sun LDAP server. When we tried switching over to our SecurID RADIUS server, we discovered that Cisco fully supports the additional RADIUS messages required to integrate with SecurID.
However, Cisco had no flexibility in mapping users to groups, and would have required us to change our existing RADIUS schema, breaking all the other applications plugged into SecurID. The ASA SSL VPN implementation does allow users to authenticate with digital certificates, but we didn't test this feature.
In our fine-grained access-control tests, we found that the ASA uses numbered access-control lists (ACLs) to define what Web and file resources a client can use when connected to the SSL VPN. Each client can be in one group, which then has a single access list; this is a barrier to scalability and flexibility.
Our policy from the SSL VPN test couldn't be translated to the ASA, because the ASA doesn't have the same fine-grained access controls we were looking for, such as the ability to limit access to applications within a Web server.
We found the management style for resources to be confusing. In addition to the ACLs for Web and file resources, there's an additional place in the GUI for port forwarding, while access controls on network extension features are in a third place.
Hey buddy, you saved my life :D Thanks a lot - Hamid