Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Traffic Management of SSL VPN versus IPSEC VPN
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Traffic Management of SSL VPN versus IPSEC VPN
Traffic Management of SSL VPN versus IPSEC VPN
01-02-2012 10:18 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
The traffic management information for the Pro add-on states that VPN is prioritized.
My company is migrating away from a Cisco IPSEC VPN (ESP) client over to a Juniper SSL VPN (443/tcp). Is the traffic management smart enough to recognize this as a VPN and continue to prioritize the traffic, or will my work VPN connection now fall into the browsing bucket?
Many thanks,
Doug
My company is migrating away from a Cisco IPSEC VPN (ESP) client over to a Juniper SSL VPN (443/tcp). Is the traffic management smart enough to recognize this as a VPN and continue to prioritize the traffic, or will my work VPN connection now fall into the browsing bucket?
Many thanks,
Doug
Message 1 of 8
(1,892 Views)
7 REPLIES 7
Re: Traffic Management of SSL VPN versus IPSEC VPN
01-02-2012 10:38 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi there,
If the system you're using uses the default ports for the SSL VPN it should be no different, however if the ports are non-standard then the traffic may be categorised as "other". If connecting to that via a connection with the pro add-on that's classed as Titanium so it shouldn't be a big issue, do bear in mind that it's silver on some account types: http://www.plus.net/support/broadband/speed_guide/traffic_management.shtml
If the system you're using uses the default ports for the SSL VPN it should be no different, however if the ports are non-standard then the traffic may be categorised as "other". If connecting to that via a connection with the pro add-on that's classed as Titanium so it shouldn't be a big issue, do bear in mind that it's silver on some account types: http://www.plus.net/support/broadband/speed_guide/traffic_management.shtml
Message 2 of 8
(802 Views)
Re: Traffic Management of SSL VPN versus IPSEC VPN
01-02-2012 11:02 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thanks Adam,
Do you believe the system can distinguish between HTTPS used for accessing web pages versus HTTPS used for SSL-VPN connections? They both run over the same port using the same protocol.
Understand that for Extra there is no difference, but my sole reason for buying the Pro add-on will be for the Titanium VPN (I use lots of realtime applications: VoIP, remote access, etc hidden within the VPN) and I'd like to be sure that it works given the migration from IPSEC to HTTPS.
Thanks!
Do you believe the system can distinguish between HTTPS used for accessing web pages versus HTTPS used for SSL-VPN connections? They both run over the same port using the same protocol.
Understand that for Extra there is no difference, but my sole reason for buying the Pro add-on will be for the Titanium VPN (I use lots of realtime applications: VoIP, remote access, etc hidden within the VPN) and I'd like to be sure that it works given the migration from IPSEC to HTTPS.
Thanks!
Message 3 of 8
(802 Views)
Re: Traffic Management of SSL VPN versus IPSEC VPN
01-02-2012 11:05 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote Do you believe the system can distinguish between HTTPS used for accessing web pages versus HTTPS used for SSL-VPN connections?
I doubt it, it depends on the port number, I doubt you'd be using the same ports for browsing as you would for a VPN though?
Message 4 of 8
(802 Views)
Re: Traffic Management of SSL VPN versus IPSEC VPN
01-02-2012 11:09 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Sadly it does use the same port. The main reason companies are moving from IPSEC to SSL-based VPNs is to make it easier for remote staff: especially those working at customer sites where they allow outbound HTTPS but not IPSEC.
Message 5 of 8
(802 Views)
Re: Traffic Management of SSL VPN versus IPSEC VPN
01-02-2012 11:12 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
If it helps improve the service for all, I could provide PCAPS from both a a Juniper SSL and a Cisco SSL VPN connection. Perhaps there is something the system can use to identify these common SSL VPN solutions so they can be added to the correct bucket?
Message 6 of 8
(802 Views)
Re: Traffic Management of SSL VPN versus IPSEC VPN
01-02-2012 1:57 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi,
The system is clever enough to be able to tell the difference between HTTPS and VPN on the same port (443 in this case). A PCAP will help (can you make sure you start the capture before starting the VPN) though if it doesn't as it may just need a minor tweak on our side, it depends on the VPN.
The system is clever enough to be able to tell the difference between HTTPS and VPN on the same port (443 in this case). A PCAP will help (can you make sure you start the capture before starting the VPN) though if it doesn't as it may just need a minor tweak on our side, it depends on the VPN.
Dave Tomlinson
Enterprise Architect - Network & OSS
Plusnet Technology
Enterprise Architect - Network & OSS
Plusnet Technology
Message 7 of 8
(802 Views)
Re: Traffic Management of SSL VPN versus IPSEC VPN
01-02-2012 6:57 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thanks Dave, good to hear that the platform has smart protocol detection.
So it turns out, from examining the capture, that the Juniper VPN is using ESP: it falls-back to SSL only if necessary .
Cisco AnyConnect (using an ASA) is most definitely SSL. I'll send you that pcap privately.
Cheers,
Doug
So it turns out, from examining the capture, that the Juniper VPN is using ESP: it falls-back to SSL only if necessary .
Cisco AnyConnect (using an ASA) is most definitely SSL. I'll send you that pcap privately.
Cheers,
Doug
Message 8 of 8
(802 Views)
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Traffic Management of SSL VPN versus IPSEC VPN