VPN Product/News Briefs - November 24, 1999·

• E-Com firm to offer VPN gateway with built-in clustering
• New RADGUARD release resolves IPsec/NAT conflicts
• Shiva offers tool for large-scale VPN client distribution
• Certificate-ready VPN client now available
• Roaming alliance partners with VPN vendor for ultra-low cost

Lisa Phifer
VP Core Competence, Inc.

Pandesic Chooses Network Alchemy's CryptoCluster VPN

Network Alchemy, producer of CryptoCluster™ virtual private networking products, announced last week that Pandesic LLC is deploying Alchemy's IP Clustering to support outsourced e-commerce applications.

Pandesic, a joint services venture between Intel and SAP, provides managed e-commerce solutions to its customers, including e-commerce storefronts at hosting partner sites, back-office transaction processing, Internet bandwidth, security, and ongoing support. The company has adopted Alchemy's CryptoCluster VPN to secure supply chain and enterprise resource planning traffic between its own data centers, as well to protect communication between back-office servers and e-commerce applications at hosting partner sites. Pandesic chose Network Alchemy's CryptoCluster because "we are consistently looking for ways to offer our customers high availability, scalability and quick deployment," said Ed Felton, VP of Operations and Engineering.

Alchemy's IP Clustering provides a non-stop VPN environment that facilitates growth and maintenance without incurring down-time. Active Session Failover™ allows a VPN server to fail transparently by transferring user sessions to other cluster members without reauthentication. According to Alchemy, the CryptoCluster 5000 VPN Server supports up to 20,000 concurrent IPsec, L2TP, or PPTP sessions, with 150-500 millisecond recovery from loss of any cluster member. Clusters can contain up to 255 VPN servers. Each CryptoCluster 5000 starts at $50,000, including VPN client and Java-based management software.  [back to table of contents]

RADGUARD cIPro-VPN 4.0 Addresses IPsec Requirements
RADGUARD last week announced its most recent cIPro-VPN release. The new 4.0 product addresses many of the concerns that have slowed VPN deployment to date, including legacy dial user authentication, compatibility with network address translation, and fault-tolerance.

The cIPro-VPN 4.0 eases integration of VPN technology into existing networks by combining IPsec/IKE tunneling with RADIUS, XAUTH, and other "legacy" authentication protocols. Allowing use of existing authentication and authorization systems with remote access VPNs provides a much-needed bridge between today's dial authentication infrastructure and the evolving PKI. In networks ready to bite the PKI bullet, cIPro-VPN is also compatible with certificate authorities (CAs) and certificate revocation lists (CRLs).

Another obstacle plaguing VPN deployment has been the widespread use of network address translation (NAT), at odds with IPsec packet authentication which cannot tolerate IP header modification between tunnel endpoints. With the 4.0 release, the cIPro-VPN can perform NAT prior to encryption on outgoing data and following decryption on incoming data, effectively combining NAT with IPsec by performing address translation at the tunnel endpoints.

Finally, cIPro-VPN 4.0 has broadened this product's fault-tolerance. In this release, keep-alive messages between redundant cIPro-VPN gateways and cIPro-Clients provide fault-tolerant remote access without requiring client reconfiguration should a gateway fail or be taken out of service. The cIPro-VPN 4.0 starts at $6,450 per VPN site.  [back to table of contents]

go to page 2: Shiva Tool Enables Large-Scale VPN Client Deployment