OK, I'll admit that I'm very green when it comes to Juniper VPN Appliances and remote access for PCs. However, I'm really curious about a few things. In my current remote access environment, the VPN client launches prior to the login, so we can do the machine authentication portion of the Windows security model. Once the VPN session is established, then the user can log in, as if they were directly attached to the corporate LAN.
Everything that I've either read or seen so far seems to be SSL and browser based, which is not exactly what I'm looking for. Is there an actual software client that can be installed, using a variety of authentication types, like X.509 certs, RSA tokens or smartcards?
Thanks for indulging me and my dumb questions.
Full layer 3 connectivity is provided through the Network Connect client, which can be downloaded and also launched independently of the browser session.
The box supports complete host check and provides for machine auth prior to login. It also supports certificate auth, tokens, etc. The browser access is simply one of the three access levels provided (referred to as Core, SAM and Network Connect) - you choose the appropriate level of access for the user group coming into the box.
I'd like to add: NC (Network Connect, which is the VPN client on the SSL VPN) can launch before the Windows login if you enable the GINA (graphical identification and authentication) option. NC can use NCP (SSL transport 443/tcp) or ESP (port 4500/udp) as a transport protocol.
What are the long-term prospects of Network Connect? The reason I ask is that it seems as if the industry is hedging almost everything on SSL/secure portals, rather than a traditional IPsec VPN session, for a mobile laptop.
But thank you for your answer, that's what I was looking for.