Solved

SSL VS IPSec Box

Posted on 2011-03-15
Last Modified: 2012-05-11
Nowadays vendors are marketing SSL products (Juniper, SonicWall), claiming SSL is faster and more reliable than IPSec-based devices.

How far is it true?
On what technical grounds can we compare?
Or is it just a business-need scenario?

Which way to go?
Question by:sportsboy
4 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
From strictly the SonicWall perspective:

I don't know about reliable, but it seems easier to work with, as the SonicWall SSL-VPN client (NetExtender) is easier to install than the fat client, GlobalVPN Client (GVC). Also, you have the portal you can manage for different uses. You can launch a TS session, Citrix session, application, web site, etc. There are a lot of options. With the GVC, you simply get a VPN, which is a lot, but it's not what you get with the SSL-VPN.

As far as faster, the SonicWall appliances allow you to enable an SSL-VPN interface in addition to the GVC connections. In this case, it might not be faster. The SonicWall is doing a bunch of other stuff in addition to SSL-VPN. If you need speed and you have a lot of VPN clients, then I'd recommend an SSL-VPN appliance separate from the firewall. You don't have to have a SonicWall firewall to implement the SSL-VPN appliance.

For my clients, if I'm talking about 1-5 users, I typically enable the SSL-VPN appliance on their firewall. I do have a client where they require 20+ and vendor access. We purchased an SSL-VPN appliance for them. Also, I create different portals based on connectivity requirements. It works really well.

Hope that helps!
 
LVL 28

Expert Comment

by:asavener
SSL VPN client connections can typically traverse proxy servers and NAT connections.  This eliminates having to have the end user modify their router/firewall/proxy server.

 
LVL 18

Assisted Solution

by:decoleur
decoleur earned 250 total points
The big difference between the SSL VPN and the IPSec VPN client access is the method used. SSL VPN typically uses a flavor of the same crypto that is associated with secure web browsing and, with many of the solutions, tunnels the traffic over TCP/443. IPSec, on the other hand, typically uses protocols other than TCP and needs to make special accommodations if going across a NAT device.

Most SSL VPN clients are easier to install than IPSec and can be used to connect securely without admin rights on a host. For example I have set up SSL VPN profiles that could provide access to corporate assets from kiosk machines in coffee shops if desired (FWIW- many additional controls were enabled to make sure the browser session was protected, no key loggers, active AV, and an encrypted browser cache that would be gibberish to prying eyes later). All of those features were extensions of the SSL VPN solution but would not be available with the IPSec solution.

I think one of the real differentiators is that the SSL VPN solution can provide a portal that allows access to very specific resources. Click a link for a protected web page and you are on it; select an RDP session with an internal host and you get an applet that runs the remote desktop in the browser window. As has been previously stated, that portal can be customized to the user or their group association.

I have heard mumblings that IPSec VPN client access will be phased out in favor of the SSL VPN client solutions but that IPSec will still be around for site to site and site to multi-site connections.

But what it boils down to is: do you want to manage another piece of software on your users' hosts, or give them another URL that provides a customized secure access solution?

There might be something to the hype, but don't take my word for it, give it a try.

hope this helps,

-t
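
The transport difference described in the two answers above (SSL VPN over TCP/443 passing proxies and NAT, IPSec needing special accommodations across NAT), as an added example that is not part of the original thread or any vendor's code. The `Path` model, the sample paths and the function names are assumptions made for illustration; the port numbers are the standard IKE, NAT traversal and HTTPS assignments.

```python
from dataclasses import dataclass, field

# Standard transport assignments (protocol, destination port).
IKE = ("udp", 500)     # IPsec key exchange
NAT_T = ("udp", 4500)  # IKE and ESP wrapped in UDP for NAT traversal
ESP = ("esp", None)    # IP protocol 50: carries no port numbers
TLS = ("tcp", 443)     # SSL VPN shares this port with HTTPS

@dataclass
class Path:
    """Constructed model of what sits between client and VPN gateway."""
    allowed: set = field(default_factory=set)  # egress (proto, port) pairs
    nat: bool = False         # port-translating NAT on the path
    proxy_only: bool = False  # only way out is an HTTP proxy (CONNECT)

def ipsec_works(path, nat_t=True):
    if path.proxy_only:
        return False          # an HTTP proxy relays TCP streams only
    if IKE not in path.allowed:
        return False          # negotiation never starts
    if path.nat:
        # ESP has no ports for the NAT to rewrite, so both ends must
        # support UDP encapsulation and the path must pass UDP/4500.
        return nat_t and NAT_T in path.allowed
    return ESP in path.allowed  # no NAT detected: native ESP is used

def ssl_vpn_works(path):
    # One TCP connection to 443, handled like any HTTPS session.
    return TLS in path.allowed

def assess(path, nat_t=True):
    return {"ipsec": ipsec_works(path, nat_t), "ssl_vpn": ssl_vpn_works(path)}

# Constructed sample paths.
HOME_NAT = Path({IKE, NAT_T, ESP, TLS, ("tcp", 80)}, nat=True)
HOTEL_WEB_ONLY = Path({TLS, ("tcp", 80)}, nat=True)
CORP_PROXY = Path({TLS, ("tcp", 80)}, proxy_only=True)
DIRECT_NO_ESP = Path({IKE, TLS})

if __name__ == "__main__":
    for name in ("HOME_NAT", "HOTEL_WEB_ONLY", "CORP_PROXY", "DIRECT_NO_ESP"):
        print(f"{name:15} {assess(globals()[name])}")
```

The same property that lets the SSL VPN pass these paths means a port-based egress policy cannot tell it apart from ordinary HTTPS.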
 

Author Closing Comment

by:sportsboy
At least something.
