Cisco targets SSL VPN vendors

Cisco Systems Inc. last week said it will add support for the Secure Sockets Layer protocol to its virtual private network hardware, elbowing its way into a market now occupied by many smaller vendors – some of which began shipping SSL VPN technology two years ago.

But Cisco’s entry, though late, should be welcomed by the networking vendor’s installed base, according to several analysts. Their predictions were seconded by Stephen Smith, network manager at Keystone Mercy Health Plan in Philadelphia.

“I’ve been waiting for this with great anticipation,” Smith said. Mercy Health, a Medicaid managed care company, currently uses a Cisco VPN 3030 device that supports the IPsec security protocol to provide secure transport capabilities to about 200 end users who work from home.

But Smith noted that the SSL VPN technology is clientless and should be able to work with some Web applications that don’t function well with IPsec. “We’ve had problems with IPsec, and we’ve needed clientless (capabilities),” he said.

Cisco’s new offering, called WebVPN, will also let Mercy Health use its existing VPN 3030 appliance to provide both IPsec and SSL VPN functionality. “I don’t want (to add) another platform, and with this approach, I won’t have to,” Smith said.

Cisco officials said WebVPN will be built into new concentrators starting in January and will be made available at no extra cost to current users.

There are “millions” of Cisco’s VPN 3000 Series Concentrators in use, which will give the company a big advantage over other SSL VPN vendors, said Joel Conover, an analyst at Current Analysis Inc. in Sterling, Va. “Cisco’s entry will have a profound impact on the SSL VPN market,” he predicted. “It changes the competitive nature of the market.”


Conover said the first release of WebVPN has weaknesses, including an inability to support Web portals based on Citrix Systems Inc.’s software. Some of the shortcomings are due to the fact that the VPN 3000 line is three years old.

For example, the devices can’t handle more than 200 concurrent end users, Conover said, which could be a drawback for IT managers who need to support thousands of users and don’t want to stack numerous concentrators.

But Conover added that he expects Cisco to make the necessary improvements quickly and eventually dominate SSL VPNs as it does so many other parts of the networking market.

Having IPsec and SSL VPN functionality in a single box will help Cisco because many companies need to use both technologies, said Zeus Kerravala, an analyst at The Yankee Group in Boston.

For many smaller vendors of SSL VPNs, Cisco’s entry into the market with a free offering “means their future is pretty limited,” he said.

Kerravala added that in an October survey of 248 large and midsize companies, about 95 percent said they would consider buying SSL VPN technology from Cisco. That was far more than any of Cisco’s rivals scored on the survey, which was funded by a group of vendors that Kerravala wouldn’t identify.