Solved

SSL VS IPSec Box

Posted on 2011-03-15
Last Modified: 2012-05-11
Nowadays vendors are marketing SSL products (Juniper, SonicWall), claiming SSL is faster and more reliable than IPSec-based devices.

How far is it true?
On what technical grounds can we compare?
Or is it just a business-need scenario?

Which way to go?
Question by:sportsboy
4 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 35148944
From strictly the SonicWall perspective:

I don't know about reliable, but it seems easier to work with, as the SonicWall SSL-VPN client (NetExtender) is easier to install than the fat client, GlobalVPN Client (GVC). Also, you have the portal you can manage for different uses. You can launch a TS session, Citrix session, application, web site, etc. There are a lot of options. With the GVC, you simply get a VPN, which is a lot, but it's not what you get with the SSL-VPN.

As far as faster, the SonicWall appliances allow you to enable an SSL-VPN interface in addition to the GVC connections. In this case, it might not be faster. The SonicWall is doing a bunch of other stuff in addition to SSL-VPN. If you need speed and you have a lot of VPN clients, then I'd recommend an SSL-VPN appliance separate from the firewall. You don't have to have a SonicWall firewall to implement the SSL-VPN appliance.

For my clients, if I'm talking about 1-5 users, I typically enable the SSL-VPN appliance on their firewall. I do have a client where they require 20+ and vendor access. We purchased an SSL-VPN appliance for them. Also, I create different portals based on connectivity requirements. It works really well.

Hope that helps!
0
 
LVL 28

Expert Comment

by:asavener
ID: 35158584
SSL VPN client connections can typically traverse proxy servers and NAT connections.  This eliminates having to have the end user modify their router/firewall/proxy server.

0
 
LVL 18

Assisted Solution

by:decoleur
decoleur earned 250 total points
ID: 35162286
The big difference between SSL VPN and IPSec VPN client access is the method used. SSL VPN typically uses a flavor of the same crypto that is associated with secure web browsing and, with many of the solutions, tunnels the traffic over TCP/443. IPSec, on the other hand, typically uses protocols other than TCP and needs to make special accommodations if going across a NAT device.

Most SSL VPN clients are easier to install than IPSec and can be used to connect securely without admin rights on a host. For example I have set up SSL VPN profiles that could provide access to corporate assets from kiosk machines in coffee shops if desired (FWIW- many additional controls were enabled to make sure the browser session was protected, no key loggers, active AV, and an encrypted browser cache that would be gibberish to prying eyes later). All of those features were extensions of the SSL VPN solution but would not be available with the IPSec solution.

I think one of the real differentiators is that the SSL VPN solution can provide a portal that allows access to very specific resources. Click a link for a protected web page and you are on it; select an RDP session with an internal host and you get an applet that runs the remote desktop in the browser window. As has been previously stated, that portal can be customized to the user or their group association.

I have heard mumblings that IPSec VPN client access will be phased out in favor of the SSL VPN client solutions but that IPSec will still be around for site to site and site to multi-site connections.

But what it boils down to is: do you want to manage another piece of software on your users' hosts, or give them another URL that provides a customized secure access solution?

There might be something to the hype, but don't take my word for it; give it a try.

hope this helps,

-t
0
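Added example, not part of any poster's reply: a simplified Python model of a port-translating NAT, showing why TCP/443 (the SSL VPN transport named above) passes for every inside client while port-less ESP does not. The addresses are constructed documentation ranges, the "one ESP peer per inside host" rule is a simplifying assumption about NAT behaviour, and UDP/4500 encapsulation (IPSec NAT traversal) is an accommodation the thread alludes to but does not name.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "esp"
    sport: Optional[int] = None     # ESP carries no ports
    dport: Optional[int] = None

class Napt:
    """Many inside hosts share one public IP; flows are told apart by port."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000
        self.table = {}       # (proto, public_port) -> (inside_ip, inside_port)
        self.esp_owner = {}   # remote gateway -> single inside host using ESP

    def outbound(self, pkt):
        if pkt.proto in ("tcp", "udp"):
            port, self.next_port = self.next_port, self.next_port + 1
            self.table[(pkt.proto, port)] = (pkt.src, pkt.sport)
            return Packet(self.public_ip, pkt.dst, pkt.proto, port, pkt.dport)
        # No port to rewrite: only one inside host can own this remote peer.
        owner = self.esp_owner.setdefault(pkt.dst, pkt.src)
        return Packet(self.public_ip, pkt.dst, "esp") if owner == pkt.src else None

    def inbound(self, pkt):
        """Return the inside host that a reply from outside is delivered to."""
        if pkt.proto in ("tcp", "udp"):
            entry = self.table.get((pkt.proto, pkt.dport))
            return entry[0] if entry else None
        return self.esp_owner.get(pkt.src)

def clients_connected(proto, dport=None):
    """Two inside clients dial the same VPN gateway; list those that get replies."""
    nat, gateway, ok = Napt("203.0.113.1"), "198.51.100.10", []
    for client in ("192.168.1.10", "192.168.1.11"):   # constructed sample hosts
        sport = 50000 if dport else None
        out = nat.outbound(Packet(client, gateway, proto, sport, dport))
        if out is None:
            continue
        reply = Packet(gateway, nat.public_ip, proto, dport, out.sport)
        if nat.inbound(reply) == client:
            ok.append(client)
    return ok

if __name__ == "__main__":
    for label, args in (("SSL VPN tcp/443", ("tcp", 443)), ("raw ESP", ("esp",)),
                        ("ESP in udp/4500", ("udp", 4500))):
        print(label, clients_connected(*args))
```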
 

Author Closing Comment

by:sportsboy
ID: 35349793
At least something.
0
