How To Choose Between IPSec or SSL for VPN Connectivity?

Private, secure connections between an enterprise's locations began with leased lines, which were dedicated and costly installations. During the same period, dedicated dial-in remote access servers (RAS) were used as a less costly alternative for mobile users. This model allowed modems to handle connections, but network speed was considerably compromised.

The Internet, Security Concerns and VPN Tunneling

With the advent of the Internet, corporations gained an opportunity for better connectivity at the infrastructure level. However, because the network was publicly accessible, it still posed challenges in terms of the security of transmitted data and unauthorized access.

The security concerns of communicating over a public network were addressed by the Virtual Private Network (VPN) concept: a virtual tunnel running between two endpoints that carries encrypted traffic, giving corporations secure, low-cost data sharing and productivity gains.

IPSec for VPN Tunneling

The traditional method VPNs use for tunneling between two endpoints is Internet Protocol Security (IPSec). IPSec is a Network Layer security mechanism that operates independently of the application layer, allowing connected devices to access the entire corporate network.

To connect to an IPSec VPN, a device must usually go through an IPSec client, a software application that, if configured correctly, provides an additional security layer. However, corporations might end up increasing their licensing costs and might face technical support challenges in configuring remote machines, especially those that are not physically on-site.

SSL for VPN Tunneling

To overcome the challenges tied to IPSec tunneling, the SSL (Secure Sockets Layer) VPN solution is the preferred mechanism, owing to obvious advantages. Because SSL is a common protocol supported by most browsers, the need for additional client configuration is eliminated.
Further, the access control mechanisms offered by SSL are far superior, enabling tunnels only to the intended applications on a corporate LAN. Users can also be given distinct access rights based on their role and level of control in the organization.

However, SSL VPNs can only connect to the tunnel through a browser or web-based interface, which brings certain limitations and requires all applications to be web-enabled to participate in an SSL tunnel. Also, the web interface does not allow users to access network resources, including printers or storage devices, which prevents them from sharing files or taking backups over this kind of VPN connectivity.

SSL VPN still suffers from certain drawbacks and limitations, even though it is more popular. To choose the best solution, it is important to consider the pros and cons of both types of tunneling solutions and the requirements of the network itself. However, the SSL VPN space is definitely on the edge of technological disruption, with more and more vendors expending considerable resources to enhance its core functionality and devise new ways of making it the standard in VPN connectivity.
