Avatar of abu_qusy

IPsec VPN vs SSL VPN

Please, what is the main difference between IPsec VPN and SSL VPN, and when to use either of them?

Avatar of NarendraG
Avatar of Qlemo

Good links above, Narendra, but some narration should be done:

allows for site-2-site connections - transparent, full or restricted access to each LAN
needs a client to be installed before anything else, if initiated from a PC
can be handled in hardware, when using routers capable of IPSec VPNs
needs a client (I know "they" say different, but it is the truth, see below)
needs a Web browser and Java allowed
often does not support LAN access, only access to dedicated applications
allows for automatic downloading of the required software

I want to contradict some of the statements made in the links about SSL VPN pros:
It is a big lie that you do not need a client for SSL VPN. In all cases where I met SSL VPNs, a Java client is installed (not just started!) on your client PC. In some cases there is even more to be installed, like an updater, firewall checker, and so on.
The client software (sometimes) interferes with other software. Depending on the techniques used, you cannot use the same services on your client that are offered remotely, like RDP or database ports (e.g. the case with Juniper Connect, mapping all remote IPs to 127.0.0.x addresses). Using more than one SSL VPN is not supported, and often it does not work. (It's the same with IPSec VPNs - I just say that here because "clientless" is an often stated (fake) pro of SSL VPNs.)
And it is not true that you do not need any training with SSL VPNs. Our staff is all IT, but they refuse to connect to some of our clients exactly because of the complexity in logging in via Web browser, followed by clicking, starting a client software, ... None of the SSL VPNs we have to use to get to some of our clients are user-friendly.

That is why I still stick to client-based VPNs. Even a weak PPTP connection is preferred over an SSL VPN. The free OpenVPN SSL VPN counts as such, since it needs a client and a server, and it is not Web based.
Avatar of Allvirtual

SSL VPN is the technology that was touted by major vendors as the clientless, one-size-fits-all solution. The technology started out with the goal and claim to be clientless. However, very quickly - as predicted by many experts - limitations were found and a thin client was added. Then after some time the technology came all the way around to a thick client again - just like IPsec.

SSL VPN can be very useful if you deal with just a webified environment. However, if you have a mix and need seamless access and good performance, you should stick with IPsec VPN. I favor a hybrid approach. Also, what most SSL VPN vendors don't tell you is that IPsec delivers by far the better data network performance due to less overhead.

The main reason SSL VPN was developed was that vendors wanted to address the valid concerns and complaints about IPsec VPN such as interoperability, poor manageability and scalability. However, there are vendors that have addressed such issues with very good solutions. For example, NCP (http://www.ncp-e.com) offers a hybrid IPsec/SSL VPN gateway plus a Management Server that gives you the best of two worlds and allows you to manage your IPsec clients and environment.

I never believe in one-size-fits-all solutions. I favor best-of-breed solutions. Even if those big guys want to tell you otherwise - they are just interested in the bottom line, selling you expensive sheet metal that requires costly maintenance and forklift upgrades.

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.
