What is the difference between the two Ivanti Secure VPN connection profiles? Which profile do I use?


 

Question: Why are there two Ivanti Secure Access VPN connection profiles? What do they mean? Which connection is best for my use case? 

Answer:

SSL VPN allows remote users who are off campus to connect to restricted Virginia Tech resources that are on campus and in the Data Center. When you connect to the VPN, a tunnel is created between the user's machine and the VPN device. Depending on which profile the user chooses, the interesting traffic (the traffic that the profile selects for the tunnel) is encrypted, delivered through the tunnel, and decrypted by the VPN devices at Virginia Tech.

At Virginia Tech, when you download and install the Ivanti Secure Access client from the following KB, your desktop client will be automatically populated with the following connection profiles: a) - All Traffic over SSL VPN and b) - VT Traffic over SSL VPN. (NOTE: Only Windows/Mac clients will be automatically populated. Linux users must add the profiles manually; instructions can be found here KB)

All Traffic over SSL VPN

All Traffic over SSL VPN encrypts all of the user's traffic and transports it to Virginia Tech. This includes both Virginia Tech and Internet traffic. Depending on where the resource is located, the traffic is then routed accordingly. Often this means non-Virginia Tech traffic takes a longer path, since it has to travel through Virginia Tech. For example, if you connect to All Traffic over SSL VPN from your home to access an internal website for your research, and you also browse Facebook while you are connected, all of that traffic comes to Virginia Tech encrypted and is decrypted by the VPN devices. Internal webpage traffic is sent to the server at Virginia Tech, and Facebook traffic is sent from Virginia Tech to Facebook over the Internet. The same is true for the return traffic from Facebook for this session: it has to come to Virginia Tech, be encrypted, and then be sent to the user's machine over the tunnel.

VT Traffic over SSL VPN

VT Traffic over SSL VPN encrypts only Virginia Tech traffic (selected by IP subnet) and transports it over the tunnel. All other Internet traffic goes through your ISP to the service provider. This shortens the path of non-Virginia Tech traffic. For example, if you connect to VT Traffic over SSL VPN from your home to access an internal website for your research, and you also browse Facebook while you are connected, only the internal website traffic is encrypted and sent to Virginia Tech, while the connection to Facebook goes through your Internet Service Provider.

Below is a diagram that depicts how the traffic is handled when you are connected to these profiles:

 

 

We recommend that users connect to b) - VT Traffic over SSL VPN, since it gives you access to all Virginia Tech resources while letting you reach all non-Virginia Tech resources over your ISP. Use a) - All Traffic over SSL VPN only in cases where you work off-shore or from a location where you need to protect all the data that leaves your machine.
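
The per-destination decision described for the two profiles can be modelled as a longest-prefix route lookup. The following is an added example, not part of the original KB and not the Ivanti client's own logic; the campus prefixes and destination addresses are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder prefixes (RFC 5737 documentation ranges); the real
# Virginia Tech subnets are not listed on this page.
CAMPUS_SUBNETS = ["192.0.2.0/24", "198.51.100.0/24"]
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
TUNNEL, ISP = "tunnel", "isp"


def build_routes(profile):
    """Simplified IPv4 route table for a profile: [(network, path), ...]."""
    if profile == "All Traffic over SSL VPN":
        return [(DEFAULT, TUNNEL)]
    if profile == "VT Traffic over SSL VPN":
        routes = [(ipaddress.ip_network(s), TUNNEL) for s in CAMPUS_SUBNETS]
        return routes + [(DEFAULT, ISP)]
    raise ValueError(f"unknown profile: {profile!r}")


def path_for(profile, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, path) for net, path in build_routes(profile) if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def outside_tunnel(profile, dests):
    """Destinations whose traffic is not encrypted by the VPN under this profile."""
    return [d for d in dests if path_for(profile, d) == ISP]


# Constructed destinations: two internal hosts and one external site.
SAMPLE_DESTS = ["192.0.2.10", "198.51.100.77", "203.0.113.50"]

if __name__ == "__main__":
    for profile in ("All Traffic over SSL VPN", "VT Traffic over SSL VPN"):
        for dest in SAMPLE_DESTS:
            print(f"{profile:26} {dest:15} -> {path_for(profile, dest)}")
        print(f"  outside tunnel: {outside_tunnel(profile, SAMPLE_DESTS)}")
```

The list returned by outside_tunnel for the VT Traffic profile is the traffic that the VPN does not protect, which is the traffic to consider when deciding whether your location calls for the All Traffic profile.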