Solved

IPSEC V SSL VPN

Posted on 2006-06-27
4
1,317 Views
Last Modified: 2008-03-10
Does anyone have any opinions on IPSEC V SSL VPN environments?  I know IPSEC encrypts the entire OSI model but has a %12 bandwidth overhead and SSL does not have the %12 overhead but only encrypts 4 layers of the OSI model.  I’m looking for more pros and cons of each technology.  

Thanks,

eb
0
Comment
Question by:Erik Bjers
4 Comments
 
LVL 30

Assisted Solution

by:ded9
ded9 earned 175 total points
ID: 16998861
0
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 175 total points
ID: 17004048
IPSec and SSL are remarkably similar in the way they do key management and other key functions, so it's hard to believe that there is any significant performance difference inherent in the protocols.

Of course, actual mileage may vary based on the implementation and exactly what you're doing with it.

A much bigger deal is what type of functionality you want beyond basic web connectivity.

Do you want connectivity only to a few web-enabled apps, or for random IP protocols? This is an area where IPSec implementations are stronger, though most SSL VPNs can do this with auxilliary software.

Do you want to tunnel the VPN in web protocols (even for random IP protocols) so it works through restrictive firewalls on other networks? Not all IPSec implementations can do this, and this is one area where there is a pretty big performance hit for IPSec even when it does work (whether you notice the performance hit in regular usage is another question).

Do you want to limit access to only the VPN, and not allow access anywhere else in the universe? This is an area where IPSec VPNs are stronger, though some SSL VPNs can do this with auxilliary software.

Do you want to allow people to use random computers rather than one issued by the company that has company software installed? This is an area where SSL VPNs are stronger, though note that there are other issues with doing this.

.....
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 150 total points
ID: 17004339
http://searchsecurity.techtarget.com/qna/0,289202,sid14_gci940324,00.html?track=NL-20       
http://www.nortelnetworks.com/solutions/ip_vpn/collateral/nn102260-110802.pdf

If you're building VPN's on top of https, then take care that you most likely have a cross-domain problem with cookies.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now