Cisco Systems Inc. has announced a single client for its three lines of VPN gear, a move that could ultimately simplify the management of Cisco virtual nets.
However, the new Cisco VPN Client 3.0 won't actually support all three lines of VPN gear until next year.
Currently, each type of Cisco VPN gear requires separate client technology, the result of the company building its VPN line in stages, partly through acquisitions. The new unified client will work initially with Cisco's 3000 Series VPN concentrators, and later, through software upgrades, with Cisco 7100/7200 VPN routers, Cisco 5000 Concentrators and Cisco PIX firewalls.
Despite the delay, the new client brings immediate benefits, says Emmett Hawkins, CTO of Vortex Networks, a WAN service provider in Atlanta that beta-tested the client. For instance, the client makes it easier to screen remote users via Microsoft's Active Directory. Previously, a Remote Authentication Dial-In User Service server or Lightweight Directory Access Protocol directory needed to sit between a VPN concentrator and Active Directory, and that required maintaining more databases and sapped staff resources, he says.
The client also simplifies management by letting only central VPN equipment distribute security policies, preventing end users from tinkering with security settings.
Cisco has loaded its unified client on a new VPN appliance for branch offices called the Cisco 3002, which off-loads VPN processing from remote PCs and lets multiple PCs use the same VPN link. One model of the 3002 comes with two Ethernet ports to connect with the WAN router and the LAN behind it, and one model includes an eight-port Ethernet LAN switch, reducing the number of devices needed in remote offices.
The 3002, priced at US$1,000 with two ports and $1,200 with eight ports, will lower the cost of setting up site-to-site links between small offices and large corporate sites, says Elliot Zeltzer, manager of telecommunications and network security for Volkswagen of America's Gedas IT subsidiary. The device is managed as if it were a software client.
"Before, small sites needed a baby image of a head-end concentrator, with all the management complexity of a big concentrator," he says. "Two-thirds of the cost of new connections is the ongoing maintenance and administration."
The price of such concentrators could fall in half in months to come as major vendors such as Nortel deliver similar products, says Jim Slaby, a Giga Information Group analyst. He expects such devices to include security features such as firewall, content filtering and virus scanning technologies.
Cisco is also introducing a VPN client for PDAs that will work with all its central-site VPN products. Certicom makes this client.