subject: Security Solution For Vpn - Ssl Or Ipsec? [print this page] Being an growing VPN strategy, SSL VPN has been getting the occurrence and reputation very quickly. In contrast to the conventional IPSec VPN, SSL VPN is an answer for the distant accessibility of cellular customers, while IPSec VPN is more appropriate for the relationship between systems (gateways). Hence, both of these two methods will reveal the professional industry later on. Concretely discussing, there are several variations between them:
1. IPSec is more used in the relationship between systems (e.g. business LANs) while SSL is more regularly integrated to offer the distant accessibility for cellular customers. Now most well-known surfers have the SSL VPN built-in functionality so that they can go through the SSL VPN tube and get into the inner system without setting up unique application on the consumer site. But if the IPSec VPN is integrated, an IPSec customer application must be set up and developed on the PC or work station engaged.
2. SSL VPN performs on the Carry Coating of the OSI Network Style while IPSec VPN is such a system technological innovation that is depending on the Network Coating of the OSI Style. Therefore IPSec VPN protects all the programs according to IP, whereas SSL VPN is more advantaged on the protection of web-based programs (though some innovative items assistance TCP/UDP-based C/S programs such as FTP, Telnet, list service etc.).
3. The SSL VPN tube can go through the application regardless of what WANs methods are used. However, to make sure IP VPN service can go through the application, IPSec customers must assistance the "NAT Penetration" operate and the slot 500 (UDP) on the application must be permitted as well.
4. In a system employing SSL VPN, only the entrance devices at the main node needs servicing, this considerably decreases the settings and servicing expenditures. While a system employing IPSec VPN needs the servicing at every node.
5. SSL VPN provides more granular management over person accessibility, including more versatile management on visitor's benefit, options and information, and being simpler to incorporate with third celebration government bodies such as distance and AD. For online IPSec VPN, the person accessibility management is noticed by analyzing five system factors (source IP, resource slot, method, getaway IP, getaway port).
Due to these apparent benefits described above, SSL VPN is being implemented by more and more people and organizations. However, this does not mean that SSL VPN is the appropriate solution for every situation. Because SSL VPN was initially developed for web-based programs, it may not be the answer for system solutions like FTP and Telnet, though some organizations have developed new features to fix this issue. Therefore, as a system manager, the most crucial thing is to properly consider what type of system solutions does your customers really need and then select the most effective which performs best for you.
