SOURCE: Aventail

May 12, 2005 07:00 ET

Aventail SSL VPN Defeats IPSec Vulnerabilities Alerted by NISCC

Potential Threats Give Further Momentum to Aventail's IPSec Trade-in Campaign

SEATTLE, WA -- (MARKET WIRE) -- May 12, 2005 -- The Aventail SSL VPN platform avoids all issues outlined by the NISCC (National Infrastructure Security Co-ordination Centre) concerning IPSec vulnerabilities. On May 9, the U.K.-based security organization released a high-severity alert ( concerning certain IPSec configurations that allow an attacker to modify and view sensitive information in the inner packets.

These vulnerabilities are not applicable to the Aventail SSL VPN, because Aventail uses SSL for encryption and does not rely on IPSec or on the authentication or payload technologies that are vulnerable with these types of attacks.

"Since Aventail shipped the first SSL VPN product in 1997, we have strongly believed that SSL is inherently the best protocol for secure remote access," said Gary Tomlinson, Aventail's Chief Architect. "Importantly, with SSL, the authentication, authorization, and confidentiality are applied at the stateful application layer rather than at the stateless network layer as with IPSec."

IPSec was designed to connect two trusted networks, and this vulnerability outlined by the NISCC underscores IPSec's weakness in securing remote access communications. Conversely, SSL was designed with secure access in mind and is an application layer protocol. With an SSL VPN, a secure communication link is made independent of the IP network layer, directly between the end point device and the SSL VPN gateway.

This NISCC alert comes on the heels of Aventail's latest platform release, which features its patent-pending Smart Tunneling technology. In addition to not being susceptible to these types of exploits, Aventail Smart Tunneling is the only tunneling architecture that combines a Layer 3 tunnel inside an SSL connection with the policy control of Layers 4 through 7. It provides the application reach and performance of an IPSec VPN, but with the security, simplicity, and control of an SSL VPN.

With Smart Tunneling, the Aventail VPN can securely replace IPSec solutions for all remote access scenarios. To prove this point, Aventail will accept trade-ins of any IPSec or other underperforming VPN from prospective customers in return for 20 percent off the new Aventail Smart SSL VPN appliances -- valued at up to $100,000. This promotion runs through June 30, 2005.

About Aventail

Aventail is the leading SSL VPN product company and the authority on secure application access technology. Aventail delivered the first SSL VPN solution in 1997, and today, Aventail meets the secure communication needs of more than one million end users in over 75 countries. Aventail's family of SSL VPN appliances increases productivity for end users and IT professionals, while maximizing security and lowering costs. Aventail appliances are built on Aventail's proven platform, which leads the industry in End Point Control, policy management, and transparent, easy-to-use access options to the broadest range of applications. Aventail is the SSL VPN of choice among leading enterprises and service providers worldwide, such as AT&T, DuPont, IBM Global Services, MCI, Netifice, Office Depot, Sanyo, and TNT. Headquartered in Seattle, Washington, Aventail has an extensive global network of channel partners and sales support offices. For more information, go to

Contact Information

  • Media contacts:
    Margaret Dawson

    Shannon Mapp

    Aventail Corporation