5.1. In the Beginning, There Were SSL VPNs

SSL VPNs have been around long enough to have their own overall product category. In many ways, SSL VPNs were the very first NAC products available.

NOTE

We have dozens of customers that originally used SSL VPNs to do the job that NAC provides today.

Historically, organizations used SSL VPN to protect their Wi-Fi (wireless fidelity) deployments and their remote access deployments. When users wanted to access the wireless network, they needed a valid SSL VPN session, in addition to possessing wireless credentials (such as a WEP key). Because SSL VPNs provided this functionality, organizations could layer role-based access control onto their wireless networks and up the ante for wireless security.

SSL VPNs are primarily a remote-access–oriented technology that acts as a gatekeeper between the end user and network resources and applications. Access control decisions are based on user identity/role and endpoint integrity, among other things.

Sounds a lot like NAC, doesn't it?

5.1.1. User identity with SSL VPN

User identity validation (authentication and authorization of users) with SSL VPN is very similar to an NAC solution. For the most part, these products are architected to integrate seamlessly with the organization's existing authentication infrastructure.

The similarities between user identity with NAC and user identity with SSL VPNs ...

Get Network Access Control For Dummies® now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.