cancel
Showing results for 
Search instead for 
Did you mean: 

Traffic Management of SSL VPN versus IPSEC VPN

DougMa
Grafter
Posts: 115
Thanks: 3
Registered: ‎09-09-2011

Traffic Management of SSL VPN versus IPSEC VPN

The traffic management information for the Pro add-on states that VPN is prioritized.
My company is migrating away from a Cisco IPSEC VPN (ESP) client over to a Juniper SSL VPN (443/tcp).  Is the traffic management smart enough to recognize this as a VPN and continue to prioritize the traffic, or will my work VPN connection now fall into the browsing bucket?
Many thanks,
Doug
7 REPLIES 7
adamwalker
Plusnet Help Team
Plusnet Help Team
Posts: 16,871
Thanks: 882
Fixes: 221
Registered: ‎27-04-2007

Re: Traffic Management of SSL VPN versus IPSEC VPN

Hi there,
If the system you're using uses the default ports for the SSL VPN it should be no different, however if the ports are non-standard then the traffic may be categorised as "other". If connecting to that via a connection with the pro add-on that's classed as Titanium so it shouldn't be a big issue, do bear in mind that it's silver on some account types: http://www.plus.net/support/broadband/speed_guide/traffic_management.shtml
If this post resolved your issue please click the 'This fixed my problem' button
 Adam Walker
 Plusnet Help Team
DougMa
Grafter
Posts: 115
Thanks: 3
Registered: ‎09-09-2011

Re: Traffic Management of SSL VPN versus IPSEC VPN

Thanks Adam,
Do you believe the system can distinguish between HTTPS used for accessing web pages versus HTTPS used for SSL-VPN connections?  They both run over the same port using the same protocol.
Understand that for Extra there is no difference, but my sole reason for buying the Pro add-on will be for the Titanium VPN (I use lots of realtime applications: VoIP, remote access, etc hidden within the VPN) and I'd like to be sure that it works given the migration from IPSEC to HTTPS.
Thanks!
adamwalker
Plusnet Help Team
Plusnet Help Team
Posts: 16,871
Thanks: 882
Fixes: 221
Registered: ‎27-04-2007

Re: Traffic Management of SSL VPN versus IPSEC VPN

Quote
Do you believe the system can distinguish between HTTPS used for accessing web pages versus HTTPS used for SSL-VPN connections?

I doubt it, it depends on the port number, I doubt you'd be using the same ports for browsing as you would for a VPN though?
If this post resolved your issue please click the 'This fixed my problem' button
 Adam Walker
 Plusnet Help Team
DougMa
Grafter
Posts: 115
Thanks: 3
Registered: ‎09-09-2011

Re: Traffic Management of SSL VPN versus IPSEC VPN

Sadly it does use the same port.  The main reason companies are moving from IPSEC to SSL-based VPNs is to make it easier for remote staff: especially those working at customer sites where they allow outbound HTTPS but not IPSEC.
DougMa
Grafter
Posts: 115
Thanks: 3
Registered: ‎09-09-2011

Re: Traffic Management of SSL VPN versus IPSEC VPN

If it helps improve the service for all, I could provide PCAPS from both a a Juniper SSL and a Cisco SSL VPN connection.  Perhaps there is something the system can use to identify these common SSL VPN solutions so they can be added to the correct bucket?
dave
Plusnet Help Team
Plusnet Help Team
Posts: 12,257
Thanks: 306
Fixes: 4
Registered: ‎04-04-2007

Re: Traffic Management of SSL VPN versus IPSEC VPN

Hi,
The system is clever enough to be able to tell the difference between HTTPS and VPN on the same port (443 in this case). A PCAP will help (can you make sure you start the capture before starting the VPN) though if it doesn't as it may just need a minor tweak on our side, it depends on the VPN.
Dave Tomlinson
Enterprise Architect - Network & OSS
Plusnet Technology
DougMa
Grafter
Posts: 115
Thanks: 3
Registered: ‎09-09-2011

Re: Traffic Management of SSL VPN versus IPSEC VPN

Thanks Dave, good to hear that the platform has smart protocol detection.
So it turns out, from examining the capture, that the Juniper VPN is using ESP: it falls-back to SSL only if necessary Crazy .
Cisco AnyConnect (using an ASA) is most definitely SSL.  I'll send you that pcap privately.
Cheers,
Doug