[THIN] Re: CAG Licenses Required for CSG Replacement

I have PIX 501's in the remote offices, so there is a site-to-site LAN
based VPN, over 70 offices like this, works great.  The local DC does
DHCP, but the PIX could do DHCP as well.  I'm sure whatever device you
plan to use could do it.  DHCP is broadcast based is it not, so I'm not
thinking it would go across the VPN, unless your device has some type of
option to check for DHCP broadcasts across subnets (similar to ip
helper-address in cisco switches/routers)
 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Matthew Shrewsbury
Sent: Thursday, November 10, 2005 1:57 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement



Thank you for the info! I am thinking maybe of using an CheckPoint Edge
type device so that the VPN connection is actually a piece of hardware.
That way when the PC boots it should already have a connection back to
HQ. Can DHCP pass over a VPN connection?

 

Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+

Senior Network Administrator

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Evan Mann
Sent: Thursday, November 10, 2005 1:49 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement

 

I put a DC in every site, even if it's got 5 people.  I use an OptiPlex
(since we are Dell shop) tower with 2 HDD's and an $80 Promise RAID card
doing RAID 1.  It's inexpensive and gives some failover incase the
internet line goes down.  They'll still be able to auth resources and
what not.  

 

If the VPN client runs as a service and connects at startup, then login
scripts should run fine.  Once the VPN is connected, all your GPO's will
run in their scheduled intervals.


There could be issues about the GPO's and other work that happens at
boot time.  That would depend on if the VPN client connects first or
not. 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Matthew Shrewsbury
Sent: Thursday, November 10, 2005 1:47 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement

By authenticate I mean logon to the PC and process logon scripts GPO etc
on a DC located over the VPN. I'm thinking for our small sites instead
of installing a frame link just purchase a fast Internet connection. We
have a few sites that at the moment just run Citrix over the Internet
but we have no way of managing there PC. 

 

Thanks for the info!

Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+

Senior Network Administrator

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Evan Mann
Sent: Thursday, November 10, 2005 12:15 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement

 

Authenticate to be able to login to the computer, or just authenticate
in general?  The Cisco VPN client can run at bootup and connect to the
default session, so once it's connected and pulls an IP, it can use your
remote DC to auth the login.  I haven't had a need to do this, at least
not yet.


If you just mean auth in general, then yes, I have a couple of users
with no local DC and they do everything against a DC in a remote site.

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Matthew Shrewsbury
Sent: Thursday, November 10, 2005 11:58 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement

A little off topic but does anyone use a VPN where remote Windows
clients over the Internet can authenticate with DCs back at the other
end of the VPN? I'm thinking for smaller sites that don't have the need
for a full DC at that site.

 

Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+

Senior Network Administrator

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Schneider, Chad M
Sent: Thursday, November 10, 2005 11:45 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement

 

We also already have a VPN solution, free (Cisco), but are evaluating
this CAG, due to it's ease of use, configuration, ease for the end user,
etc.

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jeff Durbin
Sent: Thursday, November 10, 2005 10:19 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement

 

Good point about concurrent licensing; I'd have to look at how many
concurrent users we have externally at a given time. But regardless of
the number, I'm not paying for VPN licenses to get CSG functionality.
It's a bummer because I really like the VPN functionality, but other VPN
technologies are on the table at my company. It would have been a great
way to let some users start validating the VPN functionality, which
*could* have ultimately been a huge VPN win for Citrix.

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Schneider, Chad M
Sent: Wednesday, November 09, 2005 8:31 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement

Hardware is $2495, list price, a good vendor can cut that some.

 

We are looking to buy 2, for load balance/redundancy.

 

We have thousands of VPN users, but only see @ 100-150 concurrent at
peak times.

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Greenberg
Sent: Wednesday, November 09, 2005 10:17 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement

 

That is a fair point, if they gave away the CSG functionality for the
price of the hardware there would be a lot of shops that would be happy
to move to the new platform. These users could then become VPN users in
the future- point well taken.......

 

BTW, the hardsware is $2495 and the licenses are concurrent so I doubt
you would need 3500 licenses!

Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd. suite D8453
Scottsdale, AZ 85262
(602) 432-8649
(602) 296-0411 fax
steveg@xxxxxxxxxxxxxx

 

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jeff Durbin
Sent: Wednesday, November 09, 2005 6:43 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement

That's pretty crappy. I'm still paying $3,000 for the appliance, to
replace a Windows server that's running free software. I have 3500 users
with access via the CSG, and obviously, there's no way I'm paying
$350,000 to replace our CSG's. Too bad for Citrix, as they could
potentially have gotten a foothold in our VPN space via the CSG
replacement.

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Greenberg
Sent: Wednesday, November 09, 2005 9:04 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Licenses Required for CSG Replacement

Yes it does require licenses. It is a replacement, but not a free
replacement. Once the user connects you can configure whether you give
them a full VPN tunnel, hand off to WI (CSG),  or kiosk mode. Any
combination of these features requires a CAG concurrent license. The
good news is that box performs extremely well, is wel integrated with
all the CTX products. The even better news is that it is a hardened
LINUX OS and not Windows pretending to be a security device!

 

Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd. suite D8453
Scottsdale, AZ 85262
(602) 432-8649
(602) 296-0411 fax
steveg@xxxxxxxxxxxxxx

 

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of techlists@xxxxxxxxxxxxxxxx
Sent: Wednesday, November 09, 2005 9:49 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] CAG Licenses Required for CSG Replacement

In addition to being a SSL VPN, the CAG is being positioned as a
replacement for CSG. Does anyone know if the CSG functionality requires
a CAG license?

 

Thanks,

 

JD

Other related posts: