SSL VS IPSec Box

Posted on 2011-03-15
Last Modified: 2012-05-11
Nowadays vendors are marketing SSL products (Juniper, SonicWall), claiming SSL is faster and more reliable than IPSec-based devices.

How far is it true?
On what technical grounds can we compare?
Or is it just a business need scenario?

Which way to go?
Question by:sportsboy

Accepted Solution

by:
digitap earned 750 total points
ID: 35148944
from strictly the sonicwall perspective:

i don't know about reliable, but it seems easier to work with as the sonicwall ssl-vpn client (NetExtender) is easier to install than the fat client, GlobalVPN Client (GVC). also, you have the portal you can manage for different uses. you can launch a TS session, Citrix session, application, web site, etc. there are a lot of options. with the GVC, you simply get a VPN, which is a lot, but it's not what you get with the ssl-vpn.

as far as faster, the sonicwall appliances allow you to enable an ssl-vpn interface in addition to the GVC connections. in this case, it might not be faster. the sonicwall is doing a bunch of other stuff in addition to ssl-vpn. if you need speed and you have a lot of vpn clients, then i'd recommend an ssl-vpn appliance separate from the firewall. you don't have to have a sonicwall firewall to implement the ssl-vpn appliance.

for my clients, if i'm talking about 1-5 users, i typically enable the ssl-vpn appliance on their firewall. i do have a client where they require 20+ and vendor access. we purchased an ssl-vpn appliance for them. also, i create different portals based on connectivity requirements. it works really well.

hope that helps!

Expert Comment

by:asavener
ID: 35158584
SSL VPN client connections can typically traverse proxy servers and NAT connections.  This eliminates having to have the end user modify their router/firewall/proxy server.


Assisted Solution

by:decoleur
decoleur earned 750 total points
ID: 35162286
The big difference between the SSL VPN and the IPSec VPN client access is the method used. SSL VPN typically uses a flavor of the same crypto that is associated with secure web browsing and, with many of the solutions, tunnels the traffic over TCP/443. IPSec, on the other hand, typically uses protocols other than TCP and needs to make special accommodations if going across a NAT device.

Most SSL VPN clients are easier to install than IPSec and can be used to connect securely without admin rights on a host. For example I have set up SSL VPN profiles that could provide access to corporate assets from kiosk machines in coffee shops if desired (FWIW- many additional controls were enabled to make sure the browser session was protected, no key loggers, active AV, and an encrypted browser cache that would be gibberish to prying eyes later). All of those features were extensions of the SSL VPN solution but would not be available with the IPSec solution.

I think one of the real differentiators is that the SSL VPN solution can provide a portal that allows access to very specific resources. Click a link for a protected web page and you are on it, select an RDP session with an internal host and you get an applet that runs the remote desktop in the browser window. As has been previously stated, that portal can be customized to the user or their group association.

I have heard mumblings that IPSec VPN client access will be phased out in favor of the SSL VPN client solutions but that IPSec will still be around for site to site and site to multi-site connections.

But what it boils down to is: do you want to manage another piece of software on your users' hosts or give them another URL that provides a customized secure access solution?

There might be something to the hype, but don't take my word for it, give it a try.

hope this helps,

-t
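
The transport difference described in the answers above, as an added example that is not part of the original thread or any vendor's code: it checks which client VPN types can leave through a given egress path. The policy format and the sample paths are constructed for illustration; the numbers used (TLS on TCP/443, IKE on UDP/500, ESP as IP protocol 50, NAT-T on UDP/4500) are the standard assignments, not values from the thread.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    proto: str                  # "tcp", "udp" or "esp" (IP protocol 50, no ports)
    port: Optional[int] = None  # None means any port


def permits(policy, proto, port=None):
    """True if any egress rule in the policy allows this protocol/port."""
    return any(r.proto == proto and (r.port is None or r.port == port)
               for r in policy)


def ssl_vpn_works(policy):
    # The TLS tunnel rides the same TCP/443 as HTTPS, so NAT needs no special handling.
    return permits(policy, "tcp", 443)


def ipsec_mode(policy, behind_nat):
    """Return 'esp', 'nat-t' or None for an IKE-negotiated IPsec client.

    Simplification: forced UDP encapsulation without NAT is
    implementation-specific and is not modelled here.
    """
    if not permits(policy, "udp", 500):   # IKE negotiation must get out first
        return None
    if behind_nat:
        # ESP has no ports for a port-translating NAT to rewrite, so the
        # client must fall back to UDP encapsulation (NAT-T) on UDP/4500.
        return "nat-t" if permits(policy, "udp", 4500) else None
    return "esp" if permits(policy, "esp") else None


# Constructed sample paths: name -> (behind_nat, egress policy)
PATHS = {
    "hotel_wifi": (True, [Rule("tcp", 80), Rule("tcp", 443), Rule("udp", 53)]),
    "home_router": (True, [Rule("tcp"), Rule("udp")]),
    "public_ip_office": (False, [Rule("tcp", 443), Rule("udp", 500), Rule("esp")]),
    "nat_without_4500": (True, [Rule("tcp"), Rule("udp", 500), Rule("esp")]),
}


def survey(paths):
    """Map each path name to (ssl_vpn_ok, ipsec_mode)."""
    return {name: (ssl_vpn_works(pol), ipsec_mode(pol, nat))
            for name, (nat, pol) in paths.items()}


if __name__ == "__main__":
    for name, result in survey(PATHS).items():
        print(name, result)
```
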

Author Closing Comment

by:sportsboy
ID: 35349793
at least something