A typical "Enterprise" VPN implementation includes an enforcement of IP traffic routing. For example, it is not uncommon for the Policy to disallow any IP traffic outside of the IPSec tunnel. So, when a user is connected to the corporate VPN, web surfing, music listening, etc., all IP traffic traverses the VPN, then makes its way out over the Public Internet (if allowed).

Most of the corporate VPN setups I've worked with have a very restrictive Policy. When connected, web surfing passes through some sort of "nanny filter" or a tracking appliance. Access to Internet resources not on the approved list is blocked; everything else is logged with your username on the record.

How does the SSL VPN product differ from a custom Apache/SSL solution? I can't see much difference there between this and the ssh tunnels we use for the same purpose. Although, a well constructed IPSec or ssh tunnel solution is a lot more difficult to spoof or crack than is SSL. If you have a need to really keep the bad guys out of your data stream, SSL is not necessarily secure enough. (Good enough for typical consumer credit card transaction, not good enough for real secrets!)

- tom e.

-----------------------------

On Wed, 28 Aug 2002, Mike Starke wrote:

Would anyone like to comment on this page/article?

http://www.aventail.com/ssl_vpn_benefits.asp

My only experience with VPNs is either using OpenBSD w/IPsec for LAN-to-LAN connectivity, or we had a Cisco Concentrator and their client software at my last place of employment for the road warriors.

I suppose my question would be this: How does this (above link's hardware) differ from connecting to something like an Apache server running SSL?

Another question I have in my mind goes like this: At my last employer's place I had a Citrix Server with numerous "Published Applications", and access to these published apps via my debian/apache-ssl intranet web server. The other neat thing I had in this environment was a NetApp filer.
My web server NFS mount'd the NetApp (snapshots) departmental web directories. The departmental 'assignee' maintained their respective "web site" via their mapped out drives; and the web server just provided the access/front end to all of the info.

Now I am wondering if I could create a comparable environment using Linux. Wouldn't it be neat if one could log into their Debian (big D fan :-) apache-ssl server, click on a link, and have a GNU/Enterprise window open that is actually running on my internal Debian/Application Server?

v/r
Mike

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss