RealTime IT News

Aventail Expands SSL VPN to include more IPsec

Though SSL VPNs have been around for over a decade, they are still competing against their traditional rival, IPsec VPNs. SSL VPN vendor Aventail is now blurring the lines between the two technologies by integrating some key IPsec features into its new Aventail 9.0 SSL VPN product lineup.

The new release is the first since Aventail was acquired by networking equipment vendor SonicWALL six months ago. It also brings new capabilities and integration to Aventail's product lineup, which Aventail hopes will make it more competitive against solutions from industry juggernauts like Cisco and Juniper.

"There is still a huge base of IPsec VPNs in use for both remote access and for site-to-site branch office connectivity," Chris Witeck, Director of Product Marketing at SonicWALL, told InternetNews.com. "We see organizations are gradually replacing their IPsec VPNs when the solution they have is fully depreciated or no longer supported."

IPsec VPNs traditionally require some form of client application at the user end in order to access network assets. By contrast, SSL-VPNs typically utilize a Web browser in order to facilitate access, though end-user clients are also common.

Witeck noted that some IPsec users were used to features that they weren't getting on SSL VPNs. In response, Aventail has now added some features that traditionally had been found only on IPsec VPNs.

One such feature set is something Aventail refers to as Smart Traffic Tunneling. Witeck explained that with IPsec you can run the VPN in redirect mode, where all traffic is sent to the gateway so that filtering can be done there. Alternatively, you can use split tunneling, where only traffic for the protected network goes through the gateway and other outbound traffic goes directly to the Internet. Redirect is usually considered more secure, but it has some problems.

One of the issues with redirect is that users can lose access to their own local network. For example, they might not be able to reach a local printer. Aventail has added a form of redirect that allows VPN administrators to let users also connect to local networks.

Another feature that Aventail is adding is the ability to terminate an existing connection before an SSL VPN session is established. Witeck noted that with notebooks there is sometimes a concern that another user may already be connected to the machine. Aventail now first identifies whether there are any other remote connections into the endpoint; if so, it can terminate them before opening the new SSL VPN session.

High-availability functionality from IPsec is also being brought into Aventail's SSL VPN with something called tunnel fallback. Tunnel fallback lets the client detect whether a particular gateway is available and, if it is not, automatically connect to another gateway.

While the IPsec versus SSL VPN rivalry has raged for nearly a decade, there is now a move toward a hybrid approach. In February of 2007, Cisco put out its AnyConnect VPN client, which offers both technologies in a hybrid approach.

"We believe it's an SSL VPN only world but in reality it's still really close to a hybrid," Witeck said.

Witeck said Aventail will continue to maintain, however, that SSL VPN is better because it's easier to offer more granular control than with IPsec. He did admit, however, that SSL VPNs can still be more expensive than IPsec.

"That can still be the case in terms of sticker price as SSL VPNs tend to be more expensive per user but that is changing," Witeck said. "We haven't lowered prices but we haven't raised prices in 4 or 5 years so if you factor in inflation, our pricing has gotten cheaper over the years. Also while there may be a delta in the per user cost, management is easier with SSL so the operational cost of SSL VPN is lower."

Aside from dealing with the usual IPsec versus SSL VPN technology issues, Aventail has also been busy over the last six months being integrated into its new parent company. Witeck noted that so far the integration has come along well, with most of the engineering team and staff being promoted inside of SonicWALL.

While many staff have stayed on so far, there is one notable exception: former CEO and founder Evan Kaplan, who ended his tenure at the firm this month.