IPsec VPN vs SSL VPN

Posted on 2010-11-14
Last Modified: 2012-05-10
Please, what is the main difference between IPsec VPN and SSL VPN, and when to use each of them?
Question by: abu_qusy
LVL 13

Accepted Solution

NarendraG earned 500 total points
ID: 34134051
LVL 70

Expert Comment

ID: 34134392
Good links above, Narendra, but some narration should be done:

allows for site-2-site connections - transparent, full or restricted access to each LAN
needs a client to be installed before anything else, if initiated from a PC
can be handled in hardware, when using routers capable of IPSec VPNs
needs a client (I know "they" say different, but it is the truth, see below)
needs a Web browser and Java allowed
often does not support LAN access, only access to dedicated applications
allows for automatic downloading of the required software

I want to contradict some of the statements made in the links about SSL VPN pros:
It is a big lie that you do not need a client for SSL VPN. In all cases where I met SSL VPNs, a Java client is installed (not just started!) on your client PC. In some cases there is even more to be installed, like an updater, firewall checker, and so on.
The client software (sometimes) interferes with other software. Depending on the techniques used, you cannot use the same services on your client that are offered remotely, like RDP or database ports (e.g. the case with Juniper Connect, mapping all remote IPs to 127.0.0.x addresses). Using more than one SSL VPN is not supported, and often it does not work. (It's the same with IPSec VPNs - I just say that here because "clientless" is an often stated (fake) pro of SSL VPNs.)
And it is not true that you do not need any training with SSL VPNs. Our staff is all IT, but they refuse to connect to some of our clients exactly because of the complexity in logging in via Web browser, followed by clicking, starting a client software, ... None of the SSL VPNs we have to use to get to some of our clients are user-friendly.

That is why I still stick to client-based VPNs. Even a weak PPTP connection is preferred over an SSL VPN. The free OpenVPN SSL VPN counts as such, since it needs a client and a server, and it is not Web based.

Expert Comment

ID: 34135812
SSL VPN is the technology that was touted by major vendors as the clientless, one-size-fits-all solution. The technology started out with the goal and claim to be clientless. However, very quickly - as predicted by many experts - limitations were found and a thin client was added. Then after some time the technology came all the way around to a thick client again - just like IPsec. SSL VPN can be very useful if you deal with just a webified environment. However, if you have a mix and need seamless access and good performance, you should stick with IPsec VPN. I favor a hybrid approach. Also, what most SSL VPN vendors don't tell you is that IPsec delivers by far the better data network performance due to less overhead. The main reason SSL VPN was developed was that vendors wanted to address the valid concerns and complaints about IPsec VPN such as interoperability, poor manageability and scalability. However, there are vendors that have addressed such issues with very good solutions. For example, NCP offers a hybrid IPsec/SSL VPN gateway plus a Management Server that gives you the best of two worlds and allows you to manage your IPsec clients and environment. I never believe in one-size-fits-all solutions. I favor best-of-breed solutions. Even if those big guys want to tell you otherwise - they are just interested in the bottom line, selling you expensive sheet metal that requires costly maintenance and forklift upgrades.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question