• 09/01/2005
    4:00 AM
  • Network Computing
  • News
  • Connect Directly
  • Rating: 
    0 votes
    Vote up!
    Vote down!

IPSec Vs. SSL: Picking The Right VPN

Which VPN method is best for remote access? We examine these two technologies to help you choose the right one for your organization.

However, an IPsec VPN may cost you more in the long run. Let's consider license costs: An IPsec VPN typically costs between $10 and $25, while an SSL VPN ranges from $50 to $120 per seat for a 500-user license. At first glance, IPsec VPN seems appealing costwise. But once you factor in the costs for deploying and managing an IPsec client, the additional testing required prior to patching an OS client (remember the Windows XP Service Pack 2 broke many client applications including IPsec) and the lost productivity from users who can't connect to the gateway over IPsec, it may not look like such a bargain. Additionally, many IT managers have found IPsec VPNs to be time-consuming for their staffs to maintain, because end users often need help when downloading software or maintaining their connections.

Going SSL

Most users make the jump to SSL VPNs when building extranets because of the attractive price and reduced security risks. SSL can restrict remote access to only those resources a user needs.

In fact, one out of every three major companies was using an SSL VPN this year, according to Meta Group. By 2006, 80 percent of companies will use SSL VPNs as one means of connectivity, the researcher says. There's no doubt SSL VPNs are selling like gelato in the summer and perhaps the biggest drivers are universality over Port 443 and reduced management overhead.

Take your laptop anywhere--home, a customer site, the coffee shop--and Internet access over TCP 443 (the default HTTPS port) should be available, unless you're on a network with a strict egress policy. With SSL VPN's ubiquitous access, any computer with a browser and Internet access can be a client. We're not convinced most organizations want to open their critical business applications to users at public kiosks, but being able to let remote or traveling users access their Web mail and other applications is compelling.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.

Log in or Register to post comments