Security Solution for VPN – SSL or IPSec?

Being an emerging VPN technique, SSL VPN Review has been gaining the prevalence and popularity very rapidly. Compared with the traditional IPSec VPN, SSL VPN is a better solution for the remote access of mobile users, while IPSec VPN is more suited for the connection between networks (gateways). Hence, both of these two techniques will share the commercial market in the foreseeable future. Concretely speaking, there are several differences between them:

1. IPSec is more used in the connection between networks (e.g. corporate LANs) while SSL is more frequently deployed to provide the remote access for mobile users. Now most popular browsers have the SSL VPN built-in capability so that they can go through the SSL VPN tunnel and enter the internal network without installing special software on the client site. But if the IPSec VPN is implemented, an IPSec client software must be installed and configured on the PC or workstation involved.

2. SSL VPN works on the Transport Layer of the OSI Network Model while IPSec VPN is such a network technology that is based on the Network Layer of the OSI Model. Therefore IPSec VPN secures all the applications based on IP, whereas SSL VPN is more advantaged on the security of web-based applications (though some advanced products support TCP/UDP-based C/S applications such as FTP, Telnet, print service etc.).

3. The SSL VPN tunnel can penetrate the firewall no matter what WANs techniques are used. However, to make sure IPSec VPN can penetrate the firewall, IPSec clients must support the “NAT Penetration” function and the port 500 (UDP) on the firewall must be enabled as well.

4. In a network implementing SSL VPN, only the gateway equipment at the central node requires maintenance, which significantly reduces the configuration and maintenance costs. While a network deploying IPSec VPN requires the maintenance at every node.

5. SSL VPN provides more granular control over user access, adding more flexible control on user’s privilege, resources and files, and being easier to integrate with third party authorities such as radius and AD. For IPSec VPN, the user access control is realized by examining five network parameters (source IP, source port, protocol, destination IP, destination port).

Due to these obvious advantages mentioned above, SSL VPN is being adopted by more and more individuals and companies. However, this does not mean that SSL VPN is the suitable solution for every case. Because SSL VPN was originally designed for web-based applications, it may not be a good solution for network services like FTP and Telnet, though some vendors have developed new functions to solve this problem. Therefore, as a network administrator, the most important thing is to carefully consider what kind of network services does your users really need and then choose the solution which works best for you.

Leave a Reply

Your email address will not be published. Required fields are marked *