itdaddy wrote: » I think it is due to IPSEC is so hard to implement. Yeah it works and is secure, but can be hit or miss or cause many network issues.. VPN/SSL is bam it works 99.9% perfect connections..freaking awesome. logmein.com uses it and other alike it is very reliable and stress free. I have worked mildly with it and I have seen others work with and pull their teeth out..too much stress. plus it is an old technology that needs a major makeover. the world is going faster and old technology needs to move out of the way! Once you have used vpn/ssl after using IPSEC you just say holy crap that's all there is to it? and you kind of scratch your head and say WT??? hahhah haha
itdaddy wrote: » It isn't foolish to think anything is going away. It is a balance between convenience and security and sometimes the people in charge want convenience..;)
Ahriakin wrote: » D E C A F
Ahriakin wrote: » No offense but you obviously have never tried setting up an SSL VPN, it doesn't just magically work with the press of a button. IPSec is much more straightforward, learn its phases and the config necessary for the appliance and it's the same every time. There's a reason Cisco urge SSL configs to be done from the GUI (and have even removed the CLI versions of some functions/not included the new ones), it is a lot more complex to configure when compared to IPsec counterparts if you want to do it right. It's not wishy-washy, or flaky, just the implementations on some devices can be flawed but as a VPN set it's pretty damn good (which is why it has stood the test of time). Also SSL is less efficient, getting better but still not on par. The only advantage it offers over IPSec (and it is a fair one) is convenience for the end user and then ONLY when you're talking about clientless vs. thick client installs. Its advantages for through PAT are only down to using TCP as the transport and you can encapsulate ESP inside UDP or TCP easily enough.
One of the things, though, that forced our hand in moving to SSL VPN was the fact that there isn't an IPSec VPN client (to my knowledge) for Windows Vista/7 or Mac OS X. We also needed support for Linux, which is available both in IPSec and SSL VPN format. What I really liked, though, is the ability to load all four clients - Windows, Mac (PowerPC), Mac (x86), and Linux - and the router will automatically select the proper client for the user's operating system. I'm also digging the idea that, since I set up the router to use RADIUS that authenticates against AD, any user in our network with proper access to use the VPN can log on to the dedicated web page and download the client to any machine they like.
itdaddy wrote: » Boys, now now. I didn't mean it was gone forever or didn't have a great application or use. I was just saying seems to me and many others that the world demands speed and security and sometimes speed wins somewhat even Cisco you can see is going that route since many vendors are moving that direction. And old technology can be obsolete in the future or the new ones derived from it. That is all I am saying.
itdaddy wrote: » But tiersten, below is my exact point I am trying to say. Don't get me wrong
itdaddy wrote: » I guess what I should have said was not everyone is on the same bandwagon when it comes to IPSEC protocols and it is dependent on who is using what. Some ISPs use this and some ISPs use that and some companies use this protocol..and or block these ports....It is just very picky, but I agree with what you are saying you have valid points and valid questions. I mean it just seems to be a lot of work sometimes. We have IPSEC vpns at my work here and believe me, it gets crazy when someone changes something so small it whacks it out! And with vpn/ssl type technology it does the job and is efficient that is what I mean.. and Yes, I agree vpn/ssl is very young yet! but I still love it hee hee I know I am lazy, but I like stuff that is not so time wasting let us get on to other stuff. WastedTime, explain how you mean IPSEC is mand. with IPV6 I don't get it I have set up IPV6 at home and I don't need IPSEC??? Explain please thanks....
Ahriakin wrote: » The only advantage it offers over IPSec (and it is a fair one) is convenience for the end user and then ONLY when you're talking about clientless vs. thick client installs. Its advantages for through PAT are only down to using TCP as the transport and you can encapsulate ESP inside UDP or TCP easily enough.