I am currently in the early stages of an SRX evaluation and I am looking for some feedback on customers who have kept there existing VPN products in place, say ASA SSL VPN and just injected those subnets into there routing table.
I am contemplating looking at the Juniper SA line and was curious on how the features paired up with Cisco Anyconnect? I currently have role based polices that are checked against ACS to determine which vendors can get to certain resources etc.
I am sure this is possible with the Juniper SA line, Is it tightly integrated with AD for checking groups to determine roles, etc or does it require another product?
I am a Juniper reseller so I am also slightly biased. I think that the Juniper SSL VPN is by far the best solution on the market for SSL access. It kicks #%!* over ACS according to several customers of ours who have evaulated both.
The depth of the product, ease of implementation, are two points.
AD is fully supported for role assignment based on groups. You can also use LDAP against AD to get very granular in your role / resource assignment based on pretty much any AD attribute out there.
The use of what are called "resource profiles" also makes the box very easy to configure. Maps resources to roles and builds out the ACL's all in a single step.
Thanks for the input, I was partially biased to Cisco ASA's but I have been looking at SRX and Palo Alto for a firewall refresh project that I am working on. I feel Juniper has the edge on the enterprise level but the PA has some slick management/reporting features.
With that being said I need to come up with a VPN solution so I am looking at options to either keep my existing ASA and the SSL licenses that I have purchased or evaluate the Juniper SA solution.