Comments on: Cisco killing off IPsec VPN Client, forcing even more licensing fees

By: Chris Buechler

Chris Buechler — Fri, 11 Sep 2009 10:07:58 +0000

Josh: You’re way off on at least one point, web servers have always been dominated by open source.

We have commercial support, a great book going to print soon, and a product that’s just as easy if not easier than Cisco products to work with.

Will the “Enterprise”, which is vague but I would describe as the Fortune 500, jump ship from big name vendors to go with open source? No, not likely, they want a huge company’s neck to choke if something goes wrong. But that leaves a huge segment where open source options *are* taking a chunk away from the big name vendors.

By: Josh

Josh — Fri, 11 Sep 2009 02:30:02 +0000

Sorry, not buying into the SMB open source taking over what you bloggers are calling ‘the giant’. Open source has been saying this for years with M$, web serving, and in the past five+ years networking. Didn’t happen then and won’t happen here. Pipe dream….a good dream and I wish you were correct but I just don’t see it happening. Until the open source community can train via documentation, support and provide easy to use products, it simply will not happen, specifically in the enterprise.

By: Stupots

Stupots — Wed, 09 Sep 2009 11:03:18 +0000

@Robert

>> This is much more inline with other vendors now. This is new as of firmware 8.2.

Show me a build of 8.2 for Pix515e and I’ll entertain your argument

By: Mike

Mike — Fri, 24 Jul 2009 12:22:42 +0000

Thanks Chris.. I missed that one.. Will post more experiences with the product but so far, it is working flawlessly..

By: Chris Buechler

Chris Buechler — Fri, 24 Jul 2009 00:04:14 +0000

Mike: Look closer at the downloads page on shrew.net. You installed a version that isn’t compatible with Windows 7. I’ve been using the 2.1.5 version on Windows 7 for several months, since the first beta came out, it works fine.

By: Mike

Mike — Thu, 23 Jul 2009 19:44:54 +0000

Tried to install Shrew client on Windows 7 64bit.. Immediately got the blu screen of death.. It works GREAT with 32 bit XP and VIsta.. Anyone have success installing it on WIndows 7?

By: phil

phil — Tue, 14 Jul 2009 14:23:32 +0000

the only thing that i can see that’s holding back pfsense vs a firewall like checkpoint is that with checkpoint you can centrally manage multiple firewalls. in a large company with say 50 to 100 firewalls it would be pain in the arss.

By: Dean Hamstead

Dean Hamstead — Wed, 08 Jul 2009 08:48:23 +0000

Cisco are so diversified that they are making increasingly substandard products, draping the Golden Gate logo over it and falling all over themselves to tell you what *you* have done wrong when it all does horribly wrong.

If your company or organization needs a VPN then OpenVPN is really the only sustainable solution with a guaranteed migration path and controllable growth costs.

Since at the end of the day, you cant really have an OSS switch. You can save a lot and get that BSD fix buying the new ‘EX’ line of switches from Juniper. Our company has realized TCO savings well beyond the 25% saving Juniper promises.

By: darklogic

darklogic — Mon, 06 Jul 2009 16:13:05 +0000

Hi Robert,

I understand your words in a better way to do things, but 3 years from now that will more and likely change as well.

My primary point was I believe most everyone gets tiered of product changes and service fees being forced upon them by these big companies. Kind of like make the change to this new product otherwise support ends 2013 Cisco PIX, extened service begins for server 2003 on 2010, or 2012 for XP. Cisco is not the only one that does this, I mean heck look at Microsoft and Vista and now Windows 7, which kind of reminds me of XP Home and XP Pro if you look at the packaging.

All in all, it is just simply nice to have an option like open source that can accomplish the same task if not do a better job. You said it yourself, OpenVPN, and the best part is it is free in most all open source firewall projects. To name a few, pfSense, Clarkconnect, Smoothwall, Endian, and Untangle. Again my point, it is nice to have options that will not break the wallet.

pfSense is really a diamond in the rough.

By: Robert

Robert — Mon, 06 Jul 2009 15:07:34 +0000

IPSEC is certainly robust enough, but it wasn’t made for NAT networks. The same is true of H.323 vs SIP. H.323 works great when it can, but is a hassle with NAT traversal. SIP was the answer.

I don’t know why people are hung up on IPSEC….in regards to user VPN’s. It’s like holding onto GRE/PPTP and all it’s deficiencies.