VPN: IPSec vs SSL

BigV · 01-15-2007, 06:08 PM

I need to provide VPN access to a small network. The network is running nicely right now, but a few people would like to connect to some network resources from outside the office, hence the need for the VPN. I have a fairly clean slate to work from here, and I have read enough to narrow my choices to two different technologies, IPSec and SSL.

From what I've read, they both can create a secure tunnel, so for the user, the end result will be the same. The cost for each solution is pretty close to the other, so there's no natural economic advantage. But I'll be the one who has to install and maintain it, so the other behind the curtain details mean more to me. Here's the short list of the pluses and minuses for each, as I see it. Your input is welcome.

IPSec advantages:
**************
Greater security by virtue of requiring a specific client application.
Greater security by virtue of the fact that the box I'm considering also contains a(nother) firewall, adding to the notion of defense in depth.
Greater control by virtue of finer granularity with respect to access privleges.
I have experience with IPSec vpns (Cisco and WatchGuard), so I'm not starting from zero experience.
Can run all applications, and access all network resources.

IPSec disadvantages:
****************
Higher cost due to the fact that client licenses have to be purchased to use the vpn.
Greater complexity of client software.
More pieces than "built in" SSL solution; more things to be configured, keep track of, buy, fix, maintain, update, etc.
The box has multiple functions, firewall, vpn endpoint, switch, etc.

SSL advantages:
************
Box is less complex, no other functions.
No client required; "built in" browser capability.
No client maintenance/cost, etc.

SSL disadvantages:
***************
Can run only web enabled applications, since it all runs in the browser.
No access to network storage or printers.
"Simpler" solution presents fewer hurdles to unauthorized access.

That's the list I have so far. At this point, I'm strongly in favor of the IPSec solution, since I like the full access to the private network resources. But I would like to hear the input and experience of the cellar. What's your two cen t's worth? (hint: much more than two cents, to me

) Thanks in advance.

01-15-2007, 06:08 PM	#1
BigV Goon Squad Leader Join Date: Nov 2004 Location: Seattle Posts: 27,063	VPN: IPSec vs SSL I need to provide VPN access to a small network. The network is running nicely right now, but a few people would like to connect to some network resources from outside the office, hence the need for the VPN. I have a fairly clean slate to work from here, and I have read enough to narrow my choices to two different technologies, IPSec and SSL. From what I've read, they both can create a secure tunnel, so for the user, the end result will be the same. The cost for each solution is pretty close to the other, so there's no natural economic advantage. But I'll be the one who has to install and maintain it, so the other behind the curtain details mean more to me. Here's the short list of the pluses and minuses for each, as I see it. Your input is welcome. IPSec advantages: ************ Greater security by virtue of requiring a specific client application. Greater security by virtue of the fact that the box I'm considering also contains a(nother) firewall, adding to the notion of defense in depth. Greater control by virtue of finer granularity with respect to access privleges. I have experience with IPSec vpns (Cisco and WatchGuard), so I'm not starting from zero experience. Can run all applications, and access all network resources. IPSec disadvantages: ************ Higher cost due to the fact that client licenses have to be purchased to use the vpn. Greater complexity of client software. More pieces than "built in" SSL solution; more things to be configured, keep track of, buy, fix, maintain, update, etc. The box has multiple functions, firewall, vpn endpoint, switch, etc. SSL advantages: ******** Box is less complex, no other functions. No client required; "built in" browser capability. No client maintenance/cost, etc. SSL disadvantages: ************* Can run only web enabled applications, since it all runs in the browser. No access to network storage or printers. "Simpler" solution presents fewer hurdles to unauthorized access. That's the list I have so far. At this point, I'm strongly in favor of the IPSec solution, since I like the full access to the private network resources. But I would like to hear the input and experience of the cellar. What's your two cen t's worth? (hint: much more than two cents, to me ) Thanks in advance. __________________ Be Just and Fear Not.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)