Not Sure Whether to Use IPSec or SSL for VPN Connectivity? Read This
The majority of IPSec VPN solutions require third-party hardware and / or software. In order to access an IPSec VPN, the workstation or device in question must have an IPSec client software application installed. This is both a pro and a con.
The pro is that it provides an extra layer of security if the client machine is required not only to be running the right VPN client software to connect to your IPSec VPN, but also must have it properly configured.
These are additional hurdles that an unauthorized user would have to get over before gaining access to your network.
The con is that it can be a financial burden to maintain the licenses for the client software and a nightmare for tech support to install and configure the client software on all remote machines- especially if they can’t be on site physically to configure the software themselves.
It is this con which is generally touted as one of the largest pros for the rival SSL (Secure Sockets Layer) VPN solutions. SSL is a common protocol and most web browsers have SSL capabilities built in. Therefore almost every computer in the world is already equipped with the necessary “client software” to connect to an SSL VPN.
Another pro of SSL VPN’s is that they allow more precise access control. First of all they provide tunnels to specific applications rather than to the entire corporate LAN. So, users on SSL VPN connections can only access the applications that they are configured to access rather than the whole network.
Second, it is easier to provide different access rights to different users and have more granular control over user access.
A con of SSL VPN’s though is that you are accessing the application(s) through a web browser which means that they really only work for web-based applications. It is possible to web-enable other applications so that they can be accessed through SSL VPN’s, however doing so adds to the complexity of the solution and eliminates some of the pros.
Having direct access only to the web-enabled SSL applications also means that users don’t have access to network resources such as printers or centralized storage and are unable to use the VPN for file sharing or file backups.
SSL VPN’s have been gaining in prevalence and popularity; however they are not the right solution for every instance. Likewise, IPSec VPN’s are not suited for every instance either. Vendors are continuing to develop ways to expand the functionality of the SSL VPN and it is a technology that you should watch closely if you are in the market for a secure remote networking solution. For now, it is important to carefully consider the needs of your remote users and weigh the pros and cons of each solution to determine what works best for you.
The pro is that it provides an extra layer of security if the client machine is required not only to be running the right VPN client software to connect to your IPSec VPN, but also must have it properly configured.
These are additional hurdles that an unauthorized user would have to get over before gaining access to your network.
The con is that it can be a financial burden to maintain the licenses for the client software and a nightmare for tech support to install and configure the client software on all remote machines- especially if they can’t be on site physically to configure the software themselves.
It is this con which is generally touted as one of the largest pros for the rival SSL (Secure Sockets Layer) VPN solutions. SSL is a common protocol and most web browsers have SSL capabilities built in. Therefore almost every computer in the world is already equipped with the necessary “client software” to connect to an SSL VPN.
Another pro of SSL VPN’s is that they allow more precise access control. First of all they provide tunnels to specific applications rather than to the entire corporate LAN. So, users on SSL VPN connections can only access the applications that they are configured to access rather than the whole network.
Second, it is easier to provide different access rights to different users and have more granular control over user access.
A con of SSL VPN’s though is that you are accessing the application(s) through a web browser which means that they really only work for web-based applications. It is possible to web-enable other applications so that they can be accessed through SSL VPN’s, however doing so adds to the complexity of the solution and eliminates some of the pros.
Having direct access only to the web-enabled SSL applications also means that users don’t have access to network resources such as printers or centralized storage and are unable to use the VPN for file sharing or file backups.
SSL VPN’s have been gaining in prevalence and popularity; however they are not the right solution for every instance. Likewise, IPSec VPN’s are not suited for every instance either. Vendors are continuing to develop ways to expand the functionality of the SSL VPN and it is a technology that you should watch closely if you are in the market for a secure remote networking solution. For now, it is important to carefully consider the needs of your remote users and weigh the pros and cons of each solution to determine what works best for you.
Source...