IPSec VPNs vs. SSL VPNs
Although SSL VPNs are making great headway in the market against IPSec VPNs, this momentum doesn't necessarily mean that SSL is the right solution for every deployment. This paper explores security, maintenance and administration, scalability, application independence, and site-to-site connectivity as the key issues that should be considered to make the right decision.
Security
Because IPSec VPN solutions require IPSec client software, they provide an extra layer of security. The client machine must have the right VPN client software to connect to an IPSec VPN, which presents additional hurdles before a user gains access to a network (Bradley). With SSL VPN solutions, security becomes an issue if the client platform is compromised, although some vendors have developed ways to check client machines for security threats (All about SSL VPN).
Still, IPSec grants access to the entire network, while an SSL VPN enables better access control: because it tunnels to specific applications, users can access only the applications they are configured to access rather than the entire network (Bradley).
Maintenance and Administration
The requirement for IPSec client software means that companies must maintain the licenses for the client software and must install and configure the software on all remote machines (Bradley). In contrast, according to Bradley, an SSL VPN only requires a web browser to initiate a VPN session. This is considered to be the largest advantage of an SSL VPN over an IPSec VPN.
Scalability
Through IP, IPSec can be applied in networks of all sizes, from LANs to global networks (Advantages and disadvantages of IPSec). SSL is processor-intensive, leading to poor performance under high loads. For deployments requiring scalability, SSL VPN limitations would have to be resolved by clustering and load balancing techniques (Kilpatrick, 2007).
Application Independence
IPSec is not limited to specific applications (Advantages and disadvantages of IPSec). An SSL VPN, on the other hand, requires Java or ActiveX downloads to facilitate access to non-web-enabled applications, which can become a problem if a firewall is configured to block these controls (Kilpatrick, 2007). Having direct access only to web-enabled SSL applications prevents users from accessing network resources such as printers or centralized storage and from using the VPN for file sharing or file backups (Bradley).
Site-to-Site Connectivity
IPSec is still the preferred method for site-to-site VPNs because both IPSec and SSL require a gateway and because many SSL vendors don't currently offer site-to-site connections (Greene, 2007).