Solved

IPSEC V SSL VPN

Posted on 2006-06-27
4
1,323 Views
Last Modified: 2008-03-10
Does anyone have any opinions on IPSEC V SSL VPN environments?  I know IPSEC encrypts the entire OSI model but has a %12 bandwidth overhead and SSL does not have the %12 overhead but only encrypts 4 layers of the OSI model.  I’m looking for more pros and cons of each technology.  

Thanks,

eb
0
Comment
Question by:Erik Bjers
4 Comments
 
LVL 30

Assisted Solution

by:ded9
ded9 earned 175 total points
ID: 16998861
0
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 175 total points
ID: 17004048
IPSec and SSL are remarkably similar in the way they do key management and other key functions, so it's hard to believe that there is any significant performance difference inherent in the protocols.

Of course, actual mileage may vary based on the implementation and exactly what you're doing with it.

A much bigger deal is what type of functionality you want beyond basic web connectivity.

Do you want connectivity only to a few web-enabled apps, or for random IP protocols? This is an area where IPSec implementations are stronger, though most SSL VPNs can do this with auxilliary software.

Do you want to tunnel the VPN in web protocols (even for random IP protocols) so it works through restrictive firewalls on other networks? Not all IPSec implementations can do this, and this is one area where there is a pretty big performance hit for IPSec even when it does work (whether you notice the performance hit in regular usage is another question).

Do you want to limit access to only the VPN, and not allow access anywhere else in the universe? This is an area where IPSec VPNs are stronger, though some SSL VPNs can do this with auxilliary software.

Do you want to allow people to use random computers rather than one issued by the company that has company software installed? This is an area where SSL VPNs are stronger, though note that there are other issues with doing this.

.....
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 150 total points
ID: 17004339
http://searchsecurity.techtarget.com/qna/0,289202,sid14_gci940324,00.html?track=NL-20       
http://www.nortelnetworks.com/solutions/ip_vpn/collateral/nn102260-110802.pdf

If you're building VPN's on top of https, then take care that you most likely have a cross-domain problem with cookies.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now