Anonymous_User Absent Member.
Absent Member.
223 views

NAM 4.0 and SSL VPN options


Hello,

As per the NAM 4.0 documentation (Yet to go through the documentation in
deep) it seems like we can implement SSL VPN in a few different ways as
follows.

1. ESP Enabled SSL VPN
2. Traditional SSL VPN
3. SSL VPN implemented along with NAM 4.0 Appliance as a Protected
Resource.

Anybody knows advantages/disadvantages between the above three options
available?

Have a few questions as follows.

1. It looks like the NAM 4.0 Appliance based SSL VPN is Traditional SSL
VPN. Is that correct?
2. Is there any advantages/disadvantages the ESP Enabled/Traditional SSL
VPN of regular NAM has over the SSL VPN provided by NAM Appliance (3.2.x
or 4.0)?
3. Let us know if there are any other important information w.r.to which
option we should go for.

Thanks,
John.


--
Jmavely
------------------------------------------------------------------------
Jmavely's Profile: https://forums.netiq.com/member.php?userid=4882
View this thread: https://forums.netiq.com/showthread.php?t=50770

0 Likes
3 Replies
Anonymous_User Absent Member.
Absent Member.

Re: NAM 4.0 and SSL VPN options


Jmavely;244250 Wrote:
> Hello,
>
> As per the NAM 4.0 documentation (Yet to go through the documentation in
> deep) it seems like we can implement SSL VPN in a few different ways as
> follows.
>
> 1. ESP Enabled SSL VPN
> 2. Traditional SSL VPN
> 3. SSL VPN implemented along with NAM 4.0 Appliance as a Protected
> Resource.
>
> Anybody knows advantages/disadvantages between the above three options
> available?
>
> Have a few questions as follows.
>
> 1. It looks like the NAM 4.0 Appliance based SSL VPN is Traditional SSL
> VPN. Is that correct?
> 2. Is there any advantages/disadvantages the ESP Enabled/Traditional SSL
> VPN of regular NAM has over the SSL VPN provided by NAM Appliance (3.2.x
> or 4.0)?
> 3. Let us know if there are any other important information w.r.to which
> option we should go for.
>
> Thanks,
> John.


I will preface this by saying that SSL VPN is deprecated starting in
version NAM 4. I'm not sure what that means in terms of updates, but I
would expect to see only security updates, if anything at all. Support
will probably be dropped entirely in the near future. I have recently
decommissioned SSL VPN out of my installations for this reason.

Personally, I have only dealt with the traditional SSL VPN.
Theoretically, the ESP enabled SSL VPN tends to follow the Access
Manager principles and architecture. I also think the initial setup
would be easier than traditional SSL VPN, but I didn't see a compelling
reason to move my existing traditional SSL VPN to this configuration.

Regarding your specific questions:
1) I haven't looked at the Appliance in a little while, but if I recall
correctly, it does use traditional SSL VPN
2) The main advantages that I see of a separate SSL VPN server are (1)
separation/horizontal scaling if you expect to push a lot of VPN traffic
and (2) putting only a single component in the DMZ rather than the
entire appliance
3) Just my first point above regarding the deprecation of SSL VPN


--
MatthewEhle
------------------------------------------------------------------------
MatthewEhle's Profile: https://forums.netiq.com/member.php?userid=4
View this thread: https://forums.netiq.com/showthread.php?t=50770

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: NAM 4.0 and SSL VPN options


Thanks for your reply and time, Matthew.

Regards,
John.


--
Jmavely
------------------------------------------------------------------------
Jmavely's Profile: https://forums.netiq.com/member.php?userid=4882
View this thread: https://forums.netiq.com/showthread.php?t=50770

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: NAM 4.0 and SSL VPN options


Hallo Matthew,

How did you uninstall ssl vpn, I can't find any recent documentation on
that, (I am using nam appliance 4.0.1)

Regards,
Laszlo


--
dcfiscl
------------------------------------------------------------------------
dcfiscl's Profile: https://forums.netiq.com/member.php?userid=4506
View this thread: https://forums.netiq.com/showthread.php?t=50770

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.