[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1333
  • Last Modified:

IPSEC V SSL VPN

Does anyone have any opinions on IPSEC V SSL VPN environments?  I know IPSEC encrypts the entire OSI model but has a %12 bandwidth overhead and SSL does not have the %12 overhead but only encrypts 4 layers of the OSI model.  I’m looking for more pros and cons of each technology.  

Thanks,

eb
0
Erik Bjers
Asked:
Erik Bjers
3 Solutions
 
chris_calabreseCommented:
IPSec and SSL are remarkably similar in the way they do key management and other key functions, so it's hard to believe that there is any significant performance difference inherent in the protocols.

Of course, actual mileage may vary based on the implementation and exactly what you're doing with it.

A much bigger deal is what type of functionality you want beyond basic web connectivity.

Do you want connectivity only to a few web-enabled apps, or for random IP protocols? This is an area where IPSec implementations are stronger, though most SSL VPNs can do this with auxilliary software.

Do you want to tunnel the VPN in web protocols (even for random IP protocols) so it works through restrictive firewalls on other networks? Not all IPSec implementations can do this, and this is one area where there is a pretty big performance hit for IPSec even when it does work (whether you notice the performance hit in regular usage is another question).

Do you want to limit access to only the VPN, and not allow access anywhere else in the universe? This is an area where IPSec VPNs are stronger, though some SSL VPNs can do this with auxilliary software.

Do you want to allow people to use random computers rather than one issued by the company that has company software installed? This is an area where SSL VPNs are stronger, though note that there are other issues with doing this.

.....
0
 
ahoffmannCommented:
http://searchsecurity.techtarget.com/qna/0,289202,sid14_gci940324,00.html?track=NL-20       
http://www.nortelnetworks.com/solutions/ip_vpn/collateral/nn102260-110802.pdf

If you're building VPN's on top of https, then take care that you most likely have a cross-domain problem with cookies.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now