Solved

IPSEC V SSL VPN

Posted on 2006-06-27
4
1,329 Views
Last Modified: 2008-03-10
Does anyone have any opinions on IPSEC V SSL VPN environments?  I know IPSEC encrypts the entire OSI model but has a %12 bandwidth overhead and SSL does not have the %12 overhead but only encrypts 4 layers of the OSI model.  I’m looking for more pros and cons of each technology.  

Thanks,

eb
0
Comment
Question by:Erik Bjers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 30

Assisted Solution

by:ded9
ded9 earned 175 total points
ID: 16998861
0
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 175 total points
ID: 17004048
IPSec and SSL are remarkably similar in the way they do key management and other key functions, so it's hard to believe that there is any significant performance difference inherent in the protocols.

Of course, actual mileage may vary based on the implementation and exactly what you're doing with it.

A much bigger deal is what type of functionality you want beyond basic web connectivity.

Do you want connectivity only to a few web-enabled apps, or for random IP protocols? This is an area where IPSec implementations are stronger, though most SSL VPNs can do this with auxilliary software.

Do you want to tunnel the VPN in web protocols (even for random IP protocols) so it works through restrictive firewalls on other networks? Not all IPSec implementations can do this, and this is one area where there is a pretty big performance hit for IPSec even when it does work (whether you notice the performance hit in regular usage is another question).

Do you want to limit access to only the VPN, and not allow access anywhere else in the universe? This is an area where IPSec VPNs are stronger, though some SSL VPNs can do this with auxilliary software.

Do you want to allow people to use random computers rather than one issued by the company that has company software installed? This is an area where SSL VPNs are stronger, though note that there are other issues with doing this.

.....
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 150 total points
ID: 17004339
http://searchsecurity.techtarget.com/qna/0,289202,sid14_gci940324,00.html?track=NL-20       
http://www.nortelnetworks.com/solutions/ip_vpn/collateral/nn102260-110802.pdf

If you're building VPN's on top of https, then take care that you most likely have a cross-domain problem with cookies.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
A hard and fast method for reducing Active Directory Administrators members.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question