Hi Tiago, Why not use a remote access client VPN connection to the ISA firewall, and then allow access for that user or group *only* to the required protocol and required server? A remote access VPN on the ISA firewall is pretty easy to setup and more secure than SSH, since you have the strong access controls enforced at the ISA firewall. Thanks! Tom www.isaserver.org/shinder <http://www.isaserver.org/shinder> Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] Sent: Wednesday, August 03, 2005 6:16 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Should I use SSL or VPN http://www.ISAserver.org Wellm, maybe you could run it over SSH2 instead of telnet and secure it with a server certificate and redistributing client certificates to those who need to access the telnet application. I think it wouldn't be worth setting up a VPN client just to access telnet. Your telnet server is a what? Linux? AIX? HP-UX? SCO? Tiago de Aviz SoftSell - Curitiba (41) 3340-2363 www.softsell.com.br Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem por engano, queira por favor retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável pelo conteúdo ou a veracidade desta informação. >>> nathan@xxxxxxxxxx 3/8/2005 00:48 >>> http://www.ISAserver.org Hi, Currently we have a few site to site VPNs and these work great. But we also have a few very small clients that make it not worth setting up a site to site VPN. They need to connect to our telnet application. Would it be best/safer/easier to publish the telnet application over SSL or should we allow them VPN access to our network and then access to the telnet application? We currently publish our telnet application on a webfacing program so it is accessible over port 443 but this isn't/can't be used for full blown access as you can't do as much in a web browser as you can in the telnet application. So is publishing the individual port 23 any different to publishing port 443? So I really just want opinions on would you use VPN or publish the port and secure it with SSL. Thanks Regards, Nathan Simpson ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tiago@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx