Cisco to unveil SSL VPN features

Cisco Systems Inc. on Monday will announce a new version of its flagship VPN 3000 Series Concentrator product that includes SSL (Secure Sockets Layer) VPN features, IDG News Service has learned.

The San Jose, California company added an SSL VPN (virtual private network) called "WebVPN" to the VPN 3000 Series Concentrator, which will be included with existing IPsec (IP Security Protocol) VPN features at no extra cost, according to the information, which was confirmed by industry analysts.

Cisco did not respond to repeated requests for comment.

SSL VPNs are an increasingly popular technology for providing remote users with access to network resources such as e-mail, software applications and network file servers, according to Dave Kosiur, a senior analyst at The Burton Group Corp.

As opposed to VPNs that use IPsec, SSL VPNs are typically "clientless," meaning they do not require a separate software application to be installed on the remote user's machine. They also rely on the SSL protocol, which is a part of most common Web servers and Web browsers and widely used to secure e-commerce transactions, Kosiur said.

Companies using SSL VPN pass connections through port 443, which most firewalls automatically allow traffic to. In contrast, IPsec requires multiple ports to be opened on firewalls to handle different elements of the IPsec VPN exchange such as message authentication headers and IKE (Internet Key Exchange) traffic, he said.

Because they use clients, IPsec VPNs can be more difficult to manage for large numbers of users. Also, business travellers who rely on IPsec VPNs often find that Internet providers such as hotels have not modified their firewalls to allow IPsec connections, denying them VPN access to their company network from the road, Kosiur said.

IPsec vendors have made progress in resolving such integration problems, but left a window open that SSL VPN vendors have used to grab market share, Kosiur said.

Cisco will offer 3000 Concentrator customers basic, clientless SSL VPN features that will enable users to access e-mail, file sharing servers and Web applications, according to the information obtained.

In addition, the 3000 Concentrator will support a limited thin client mode, in which a Java Web browser plug-in can be downloaded and used to handle operations such as port forwarding for static communications ports, according to Kosiur, who was briefed on the new features by Cisco.

The new SSL VPN features will take advantage of existing VPN 3000 IPsec capabilities such as load-balancing and high availability features, according to information obtained.

The product will not initially support products that do more sophisticated port switching, such as Citrix Systems Inc.'s terminal emulation products or IBM Corp.'s Lotus Sametime instant messaging application, Kosiur said.

That will put them somewhat behind dedicated SSL VPN vendors like Aventail Corp.

"(Cisco) is providing what Aventail or Neoteris were offering nine months ago, so they will need to do some catch-up in terms of offering additional functionality," Kosiur said.

Nevertheless, the features that Cisco is rolling into the 3000 Concentrator should cover around 80 percent of what companies use VPN for, he said.