Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
928
Views
0
Helpful
2
Replies

wireless security VPN client -vs-Citrix ICA client

cwainwright
Level 1
Level 1

‎05-13-2002 11:57 AM - edited ‎07-04-2021 11:09 PM

I'm researching as to which method will be preferable for our "internal" wireless deployment.

I'm trying to create a brief "Pros and Cons" for each method

VPN = IPSEC tunnel

ICA =128 bit encryption.

any thoughts

Labels:
0 Helpful
2 Replies 2

brian.carter
Level 1
Level 1

‎05-14-2002 08:32 AM

This is primarily a placement concern.

If you are going to use the ICA client, you will need to firewall your wireless network from your private, wired network.

This might not be necessary if you are using a VPN appliance with firewall features built-in, like the Cisco and Nortel boxes.

Personally, I can't stand remote user VPNs, so I would recommend using secure ICA and firewall the wireless equipment. You can use a spare firewall interface for this, but make sure that the firewall policy only permits tcp 1494 from the wireless network to the private network. You will need to configure your ICA client with an IP address, not a DNS name (because you aren't permitting DNS traffic). Do not permit any traffic from the wireless network to the Internet or any other networks - let them get Internet surf in the ICA window.

Most people would argue for IPSEC VPN with 3DES. I think that is definatly more secure, but will require more planning and support. The ICA client is much easier to install than most RUVPN clients and you don't need to worry about cached logon credentials, password sync, etc. Bottom line: ICA is going to be much easier to maintain and manage and the users will probably find it a lot easier to use.

You may also consider using two-factor authentication with either solution. That would bring the risk down considerably. SecurID agents work on Citrix and in most RUVPNs.

Hope this helps.

0 Helpful

blue.modal
Level 1
Level 1

‎05-14-2002 02:37 PM

One-time-use certificates with Citrix will fix exactly the problem that has raised so many concerns with WEP - intercepting and mis-using keys.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card