Requirement Overview
With the development of enterprise informatization and advances in communication technology, more and more people work remotely or on the move and access the enterprise's internal information applications from outside. VPN technology offers two approaches to remote access: IPSec VPN and SSL VPN.
IPSec VPN can provide Internet-based encrypted tunnels to meet all TCP/IP network-based application needs. It is mainly used to establish secure connections between two LAN networks. However, for desktop applications such as remote mobile office, a specific client must be installed.
The advantage of SSL VPN lies in the security and ease of use of Web application access. Information is transmitted using the security features of the SSL protocol, and the client can be used without any installation or configuration. At the same time, being SSL-based makes it easy to combine this method with existing security infrastructure such as the enterprise's CA.
However, SSL VPN cannot replace IPSec VPN, because the two technologies are currently applied in different fields. SSL VPN is mostly used for remote secure Web access, whereas IPSec VPN is not limited to Web applications: it is a virtual private network, with more functions and greater application scalability.
So that remote users can have the convenience and security of SSL VPN together with the all-round protocol support of IPSec VPN, Times Yixin launched SecureVPN, a secure access device for mobile office that combines IPSec and SSL. The main feature of this series of products is that it combines the two mainstream VPN technologies, IPSec and SSL, on the same device. Users can configure it as needed, based on the characteristics and requirements of the enterprise's information system, to implement a customized VPN system.
Analysis of SecureVPN application of an enterprise
When on a business trip or working at home, users can work remotely to achieve the following purposes:
1. Leaders can log on to the OA system at any time to handle to-do transactions in a timely manner.
2. Employees can log on to the internal enterprise email system at any time to send and receive emails in a timely manner.
3. System maintenance personnel can log on to the OA server through a Windows terminal to view the running status.
4. User identity authentication adopts the USB-KEY method.
The implementation topology is shown below:
Implementation result:
1. For the WEB-based OA system, users can connect over broadband, GPRS, CDMA, dial-up and other links and access it remotely and securely through SSL VPN.
2. For internal email servers, users can use the WEB or client tools such as Outlook/Foxmail for secure access through SSL VPN.
3. System maintenance personnel can use IPSec to access the internal LAN and connect to the server through a Windows terminal for operations.
4. User identity authentication uses CA certificate-based USB-KEY two-factor authentication.
Advantages of SecureVPN
Combination of two VPN modes: Compatible with both SSL VPN and IPSec VPN, organically combining the advantages of the two VPN modes. You can use different VPN modes as needed.
Reduced total cost of ownership (TCO): Reduces support overhead, eliminates routine client system maintenance, reduces the management burden, and eliminates the need to modify network resources, remote devices, or the network architecture.
Easy to install and use: Quick installation; intuitive and familiar browser interface.
No client installation by the user: In SSL mode, users work directly in the browser; in IPSec mode, server "push" technology automatically completes the VPN configuration of the client without the user taking part in the installation.
Supports multiple authentication technologies: Supports dynamic token authentication, digital certificate authentication, smart card authentication, and the most basic user name and password authentication.
Cluster technology: Multiple SecureVPN devices can be stacked to increase the load capacity of the system.
Reliability: Supports hot failover between the coupled server and the standby server without any session interruption or termination.
Availability: Based on remote web access, it is suitable for all ISP connections. It can also run normally behind other firewalls. It runs completely on HTTP (Secure Application Layer Internet Protocol).
Comparison of Solutions
A comparison of the various solutions used for remote mobile office:
IPSec VPN:
Advantages: support for all TCP/IP protocols; good support for LAN interconnection.
Disadvantages: the client software must be installed and configured; firewall penetration may be a problem; and access control over user permissions is insufficient.
SSL VPN:
Advantages: it is easy to use and does not need to be installed. It can control access at the application layer.
Disadvantages: SSL VPN cannot connect multiple local networks and does not support non-WEB applications.
SecureVPN:
Advantages: combines the advantages of IPSec VPN and SSL VPN in remote access; no user installation required; support for multiple protocols; support for multiple authentication methods; convenient combination with existing infrastructure such as a CA; flexible module configuration and high scalability.
Disadvantages: mainly for remote mobile office access; no LAN interconnection function.