IPSec Vs. SSL: Picking The Right VPN
Mike Fratto, Editor
September 01, 2005
You're comfortable with the security of your network inside the office, but how do you feel about a salesman using his laptop to access your network from the local Starbucks?
It's easy to control security within the physical walls of your plant, but providing secure remote access to internal resources for externally connected users is more difficult. IPsec (IP security) and PPTP (Point-to-Point Tunneling Protocol) VPNs, and sometimes SSH tunneling, are enough, but these setups often have problems with NAT (Network Address Translation) traversal, firewalls and client management. An SSL (Secure Sockets Layer) VPN should solve those problems while still providing robust and secure remote access. However, an SSL setup comes with its own difficulties, such as problems with browser support, required increased privileges on the client computer for anything other than pure HTTP applications and the inherent security problem of cached data on the browser. For more information, see "ABCs of Remote Access".
Compare and Contrast
IPsec is a Layer 3 VPN: For both network-to-network and remote-access deployments, an encrypted Layer 3 tunnel is established between the peers. An SSL VPN, in contrast, is typically a remote-access technology that provides Layer 6 encryption services for Layer 7 applications and, through local redirection on the client, tunnels other TCP protocols. From a purely technical standpoint, you may be able to run both IPsec and SSL VPNs simultaneously, unless both the IPsec and SSL VPN products use installed client software on the user's computer. In that case, you may have stack conflicts.
SSL VPN Vs. IPSEC VPN
Click to Enlarge