UAB VPN ServiceUAB VPN Service

David Wolford, Communications Network SpecialistDavid Wolford, Communications Network Specialist

UAB Virtual Private NetworkUAB Virtual Private Network

User Services has provided VPN for many years First service was called PopTop and used PPTP Second and current service uses a Cisco 3060 VPN

concentrator and uses IPSEC We currently average ~ 50 IPSEC concurrent users

System InformationSystem Information

Current appliance is a Cisco 3060 which has been in service for approximately eight years.

We are preparing two Cisco ASA 5550 security appliances to replace our 3060 in the near future.

The Cisco ASA 5550’s will provide load sharing redundancy and will allow us to use the Cisco SSL client.

Reasons to Upgrade ServiceReasons to Upgrade Service

Cisco 3060 was originally purchased for wireless users. It was pressed into service with the blocking of Microsoft ports and is now end-of-life by Cisco.

Implementation of border firewall and plans of tighter border security will increase the need.

Cisco is favoring SSL for newer OS platforms like Windows 64-bit.

ASA5550ASA5550

VPN Client OptionsVPN Client Options Cisco IPSEC client

IPSEC not available for 64 Bit Windows SSL Client

Client DownloadClient Downloadhttps://vpndpo.dpo.uab.eduhttps://vpndpo.dpo.uab.edu

SSL VPN Client SSL VPN Client

Cisco IPSEC ClientCisco IPSEC Client

Departmental VPN GroupsDepartmental VPN Groups

Offers IP addresses from a defined pool of addresses for firewall traversal and resource access

DCNS can add or remove users from groups Works with SSL and IPSEC VPN

Network DiagramNetwork Diagram

Split TunnelingSplit Tunneling

On the HorizonOn the Horizon

Integration with campus NAC Two factor authentication