IPsec Vpn vs SSL VPN

Posted on 2010-11-14
Last Modified: 2012-05-10
Please What is Main  different between  IPSEC   VPN and SSL VPN  and When to Use any Of them ?
Question by:abu_qusy
  • 2
LVL 13

Accepted Solution

NarendraG earned 500 total points
ID: 34134051
LVL 13

Expert Comment

ID: 34134069
LVL 68

Expert Comment

ID: 34134392
Good links above, Narendra, but some narration should be done:

allows for site-2-site connections - transparent, full or restricted access to each LAN
needs a client to be installed before anything else, if initiated from a PC
can be handled in hardware, when using routers capable of IPSec VPNs
needs a client (I know "they" say different, but it is the truth, see below)
needs a Web browser and Java allowed
often does not support LAN access, only access to dedicated applications
allows for automatic downloading of the required software

I want to contradict some of the statements made in the links about SSL VPN pros:
It is a big lie that you do not need a client for SSL VPN. In all cases I met SSL VPNs a Java client is installed (not just started!) at your client PC. In some cases there is even more to be installed, like an updater, firewall checker, aso.
The client software (sometimes) interfers with other software. Depending on the techniques used, you cannot use the same services on your client that are offered remotely, like RDP or database ports (e.g. the case with Juniper Connect, mapping all remote IPs to 127.0.0.x addresses). Using more than one of SSL VPN is not supported, and often it does not work. (It's the same with IPSec VPNs - I just say that here because "clientless" is an often stated (fake) pro of SSL VPNs.)
And it is not true that you do not need any training with SSL VPNs. Our stuff is all IT, but they refuse to connect to some of our clients exactly because of the complexity in logging in via Web browser, followed by clicking, starting a client software, ...  None of the SSL VPNs we have to use to get to some of our clients are user-friendly.

That is why I still stick on client-based VPNs. Even a weak PPTP connection is preferred over a SSL VPN. The free OpenVPN SSL VPN counts as such, since it needs a client and a server, and it is not Web based.

Expert Comment

ID: 34135812
SSL VPN is the technology that was touted by major vendors as the clientless, one size fits all solution. The technology started out with the goal and claim to be clientless. However very quickly - as predicted by many experts - limitations were found and a thin client was added. Then after some time the technology came all the way around to a thick client again - just like IPsec. SSL VPN can be very useful if you deal with a just webified environment. However if you have a mix and need seamless access and good performance you should stick with IPsec VPN. I favor a hybrid approach. Also what most SSL VPN vendors don't tell you is that IPsec delivers by far the better data network performance due to less overhead. The main reason SSL VPN was developed was that vendors wanted to address the valid concerns and complains about IPsec VPN such as interoperability, poor manageability and scalability. However there are vendors that have addressed such issues with very good solutions. For example NCP ( offers a hybrid IPsec/SSL VPN gateway plus a Management Server that gives you the best of two worlds and allows you to manage your IPsec clients and environment. I never believe in one-size-fits-all solutions. I favor best-of-breed solutions. Even if those big guys want to tell you otherwise - they are just interested in the bottom line, selling you expensive sheet metal that requires costly maintenance and forklift upgrades.

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now