

IPsec VPN vs SSL VPN

Posted on 2010-11-14
Medium Priority
Last Modified: 2012-05-10
Please, what is the main difference between IPsec VPN and SSL VPN, and when should each of them be used?
Question by:abu_qusy

Accepted Solution

NarendraG earned 2000 total points
ID: 34134051

Expert Comment

ID: 34134392
Good links above, Narendra, but some narration should be done:

allows for site-2-site connections - transparent, full or restricted access to each LAN
needs a client to be installed before anything else, if initiated from a PC
can be handled in hardware, when using routers capable of IPSec VPNs
needs a client (I know "they" say different, but it is the truth, see below)
needs a Web browser and Java allowed
often does not support LAN access, only access to dedicated applications
allows for automatic downloading of the required software

I want to contradict some of the statements made in the links about SSL VPN pros:
It is a big lie that you do not need a client for SSL VPN. In all cases where I have met SSL VPNs, a Java client is installed (not just started!) on your client PC. In some cases there is even more to be installed, like an updater, firewall checker, and so on.
The client software (sometimes) interferes with other software. Depending on the techniques used, you cannot use the same services on your client that are offered remotely, like RDP or database ports (e.g. the case with Juniper Connect, mapping all remote IPs to 127.0.0.x addresses). Using more than one SSL VPN is not supported, and often it does not work. (It's the same with IPSec VPNs - I just say that here because "clientless" is an often stated (fake) pro of SSL VPNs.)
And it is not true that you do not need any training with SSL VPNs. Our staff is all IT, but they refuse to connect to some of our clients exactly because of the complexity in logging in via Web browser, followed by clicking, starting a client software, ... None of the SSL VPNs we have to use to get to some of our clients are user-friendly.

That is why I still stick to client-based VPNs. Even a weak PPTP connection is preferred over an SSL VPN. The free OpenVPN SSL VPN counts as such, since it needs a client and a server, and it is not Web based.

Expert Comment

ID: 34135812
SSL VPN is the technology that was touted by major vendors as the clientless, one-size-fits-all solution. The technology started out with the goal and claim to be clientless. However, very quickly - as predicted by many experts - limitations were found and a thin client was added. Then after some time the technology came all the way around to a thick client again - just like IPsec.

SSL VPN can be very useful if you deal with a just webified environment. However, if you have a mix and need seamless access and good performance, you should stick with IPsec VPN. I favor a hybrid approach. Also, what most SSL VPN vendors don't tell you is that IPsec delivers by far the better data network performance due to less overhead.

The main reason SSL VPN was developed was that vendors wanted to address the valid concerns and complaints about IPsec VPN such as interoperability, poor manageability and scalability. However, there are vendors that have addressed such issues with very good solutions. For example, NCP (http://www.ncp-e.com) offers a hybrid IPsec/SSL VPN gateway plus a Management Server that gives you the best of two worlds and allows you to manage your IPsec clients and environment. I never believe in one-size-fits-all solutions. I favor best-of-breed solutions. Even if those big guys want to tell you otherwise - they are just interested in the bottom line, selling you expensive sheet metal that requires costly maintenance and forklift upgrades.

Question has a verified solution.
