Aventail this week unveiled a new SSL-based VPN appliance that it claims ups the ante in the "clientless" VPN market, with features that enable it to replace more complicated IPSec-based VPNs for remote user access to corporate networks.

The Aventail EX-1500 appliance is basically a 1U, rack-mountable appliance version of the VPN service Aventail has been offering for years, says Eric Bean, director of product management for the company. "It's the first and only clientless VPN that can be a complete replacement for remote access IPSec solutions," he says. "It does everything that IPSec does, and also what first-generation SSL-based VPNs do."

SSL-based clientless VPNs are intended to be easy to deploy, giving enterprises a way to quickly enable remote users, including business partners and customers, to tap into certain corporate resources on an ad hoc basis.

Instead of installing, configuring and managing client software on each user's desktop, SSL-based VPNs enable users to forge an encrypted session on the fly, with any code that may be required -- such as a Java applet -- downloaded on demand.

But Bean contends that existing products offer access to only a handful of "Webified" applications, such as Web versions of Outlook or Lotus Notes.

"They can't provide a full range of access to very complicated client/server applications such as SAP or to a large set of legacy apps," he says.

Aventail, on the other hand, is offering three levels of access with the EX-1500. First is via a plain vanilla Web browser, for access to Web applications. Next is Aventail OnDemand, a new Java-based agent that offers a secure connection to a client/server application. That is intended for situations where IT doesn't control the connecting user's desktop, such as extending access to a patient's record to a healthcare partner company. Once the partner's session ends, the connection goes away, with no trace on the remote user's desktop, Bean says.

The third method is Aventail Connect, a lightweight agent that provides more full-featured connections for desktops that are under control of IT. It offers access to a full range of client/server applications from vendors including SAP, PeopleSoft, Siebel, Oracle, Citrix, Microsoft and IBM.

Also new is the Aventail ASAP WorkPlace, a mini-portal that provides users with personalized access to a range of resources. The portal can work with an enterprise's existing portal product, as well as their authentication and authorization tools, to determine what resources each user can access. When a user logs on, they immediately see only those resources they are allowed to access.

The Aventail EX-1500 is available now. Pricing starts at $24,000.