maybe a good idea not just to throw this feature request into the pool, think we and maybe Astaro it interested in the pros and cons. Personally I do not see that many advantages for SSL VPNs compared to fully IP transparent IPSec tunnels. Of course there is one major point, it is clientless. On the other hand you depend on applications providing a SSL-webfrontend. How do you wanna handle all the applications without such an interface? Just to be clear I'd love to see SSL-VPN in coming versions. Share your ideas, expectations and arguments about the advantages of SSL-VPN with us.
As you mention, one obvious reason is that it's 'clientless'; in fact it's typically not clientless, but uses a Java applet or a ActiveX component (depending on what you want to access)
But giving VPN access via a Java Applet, would support many more client types (especially handheld types)
The most important reason to use SSL VPN is that it traverses almost any firewall / proxy, since it only requires port 443 to be open, and therefor it's also more secure for the companys to use (in my opnion) - no need to 'drill' more holes
The applications you want to run would either have to be on your client (like IPSEC VPN) or beeing offered by the SSL VPN gateway (typically Java / ActiveX) - like VNC/RDP or you would use a RDP/VNC client (offered by the SSLVPN gateway) to connect to a 'jumpstation' where all you applications are installed /running...smooth, very secure and very client friendly...
As you mention, one obvious reason is that it's 'clientless'; in fact it's typically not clientless, but uses a Java applet or a ActiveX component (depending on what you want to access)
But giving VPN access via a Java Applet, would support many more client types (especially handheld types)
The most important reason to use SSL VPN is that it traverses almost any firewall / proxy, since it only requires port 443 to be open, and therefor it's also more secure for the companys to use (in my opnion) - no need to 'drill' more holes
The applications you want to run would either have to be on your client (like IPSEC VPN) or beeing offered by the SSL VPN gateway (typically Java / ActiveX) - like VNC/RDP or you would use a RDP/VNC client (offered by the SSLVPN gateway) to connect to a 'jumpstation' where all you applications are installed /running...smooth, very secure and very client friendly...
