Though SSL VPNs
SSL VPN vendor Aventail is now blurring the lines between technologies
integrating some key IPsec features into its new Aventail 9.0 SSL VPN
The new release from Aventail is the first since Aventail was acquired by
networking equipment vendor SonicWall six months ago. It also brings new capabilities and integration to
Aventail’s product lineup, which Aventail hopes, will make the solution more
competitive against solutions from industry juggernauts like Cisco and
“There is still a huge base of IPsec VPNs in use for both remote access and for site to site branch office connectivity,” Chris Witeck, Director of
Product Marketing at SonicWALL told InternetNews.com. “We see
organizations are gradually replacing their IPsec, VPNs when the solution
they have is fully depreciated or no longer supported.”
IPsec VPNs traditionally require some form of client application at the user
end in order to access network assets. By contrast, SSL-VPNs typically
utilize a Web browser in order to facilitate access, though end-user clients
are also common.
Witeck noted that for some IPsec users there have been features that they
were used to that they weren’t getting on SSL VPNs. So Aventail in response
has now added in some features that traditionally had only been found on
One such feature set is something Aventail refers to as Smart Traffic
Tunneling capabilities. Witeck explained that on IPsec you can run the VPN
where all traffic is redirected to the gateway so you can do filtering at
the gateway. Or alternatively you can do split tunneling where only network
traffic goes through the gateway and then outbound traffic goes through the
Internet. Usually redirect is considered to be more secure but it has some
One of the issues with redirect is that a user can lose local access to
their own network. So, for example, they might not be able to access a local
printer. What Aventail has done is added a redirect that allows the VPN administrators to let users also connect to local networks.
Another feature that Aventail is adding in is the ability to terminate an
existing connection prior to having an SSL VPN session. Witeck noted that
there is a concern sometimes with notebooks that there may already be
another user that is connected to the notebook. So what Aventail does now is
first identify whether there are any other remote connections into the
endpoint; if so, it can then terminate it prior to opening the new SSL VPN session.
High availability functionality from IPsec is also being brought into
Aventail’s SSL VPN with something called tunnel fallback. What tunnel
fallback provides is the ability on the client side to detect if a
particular gateway is available and if not it will automatically connect to
While the IPsec versus SSL VPN rivalry has raged for nearly a decade, there
is now a move toward a hybrid approach. In February of 2007, Cisco put out
its AnyConnect VPN
client which offers both technologies in a hybrid approach.
“We believe it’s an SSL VPN only world but in reality it’s still really
close to a hybrid,” Witeck said.
Witeck said Aventail will continue to maintain however that SSL VPN is better because it’s easier to offer more granular control than IPsec. He did admit however, that SSL VPNs can still be more expensive than IPsec.
“That can still be the case in terms of sticker price as SSL VPNs tend to be
more expensive per user but that is changing,” Witeck said. “We haven’t
lowered prices but we haven’t raised prices in 4 or 5 years so if you factor in inflation, our pricing has gotten cheaper over the years. Also while there
may be a delta in the per user cost, management is easier with SSL so the
operational cost of SSL VPN is lower.”
Aside for dealing with the usual IPsec versus SSL VPN technology issues,
Aventail has also been busy the last six months, being integrated into its
new parent company. Witeck noted that so far the integration has come along
well with most of the engineering team and staff being promoted inside of
While many staff have stayed on so far, there is one notable exception; former
CEO and founder Evan Kaplan who ended his tenure at the firm this month.