Try: http://net6.com/ In short, the traditional IPSec VPN create a local network interface and in the process tends to have various support issues and conflicts with local PC configurations. It also presents the possibility of bridging traffic across interfaces. Most of the SSL VPN offerings tried to have a zero footprint client and while they avoided some of the IPSec issues, they were not as robust and required klugey workarounds to function with certain applications. For example, they cannout handle UDP, need special workarounds for IMAP, etc. The Citrix product, formerly Net6, approached it a bit differently. They accepted the need for a local client (easily installed via Web), but have it effectively run in user execution space. They do not create an additonal network interface and therefore avoid all of the configuration and compatibility issues that plaque IPSec VPN client software. Since the client runs in user space it can be intelligent about all protocals and monitor local applications and route their traffic according to set rules. It can also validate the local configuration and do end point checking such as requiring a certain version of virus definitions, certain registry settings, etc. There is a much deeper explanation at the link above, but in short they made a better mouse trap that is easy to install and adminstrate, avoids many common support issues and is very granular in the applications, protocols and ports is controls. Regards, Steve Greenberg Thin Client Computing 34522 N. Scottsdale Rd. suite D8453 Scottsdale, AZ 85262 (602) 432-8649 (602) 296-0411 fax steveg@xxxxxxxxxxxxxx _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Lilley, Brian Sent: Friday, February 04, 2005 4:58 AM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: Citrix releases SSL VPN Appliance Steve, I wonder if you can point me in the direction of some good documentation on the exact workings of this device... or I guess more specifically, I am trying to fully understand the subtleties of SSL, PPTP and Ipsec VPN's. I have worked with a VPN set up over a PPTP connection before. So, my understanding is that this PPTP VPN is working at the network layer, i.e. you end up with an additional network entry in your routing table on the client device which is tunneled through PPTP. So, the SSL VPN works at the application layer and provides a TCP tunnel? how does this work exactly and how is this tunnel presented to the client? What do they mean when they say Citrix leverages the SSL VPN along with the ipsec VPN.. does that mean you get a network route entry for tunneling non ICA traffic, and then you get SSL encryption for 'proxying' ICA connections, or have I just made all that up? We are very interested in this box, but just not too sure about the colour. thanks in advance, Brian -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of Steve Greenberg Sent: 04 February 2005 05:23 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Citrix releases SSL VPN Appliance Now that this is public, I want to let everyone know that product totally rocks! It has all of the best attributes of an IPSec VPN and an SSL VPN without the problems associated with both. While I have been less than totally excited about some of Citrix's other new products over the last few years, this one is pretty awesome. I predict that it is going to take off and dominate the VPN market eventually..... Steve Greenberg Thin Client Computing 34522 N. Scottsdale Rd. suite D8453 Scottsdale, AZ 85262 (602) 432-8649 (602) 296-0411 fax steveg@xxxxxxxxxxxxxx _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Kenzig Kenzig.com Sent: Thursday, February 03, 2005 5:16 PM To: thin@xxxxxxxxxxxxx; Thinnews Subject: [THIN] Citrix releases SSL VPN Appliance http://www.brianmadden.com/content/content.asp?id=303 and http://www.citrix.com/site/PS/products/product.asp?familyID=%2013991 <http://www.citrix.com/site/PS/products/product.asp?familyID=%2013991&produc tID=15005> &productID=15005 Jim Kenzig http://thin.net ============================================================================ == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ============================================================================ ==