When it comes to virtual private networks, IT personnel always have difficulty differentiating between SSL VPN and IPsec VPN. What are the pros and cons of SSL VPN and IPsec VPN? Of the two technology choices for remote access using a VPN connection, IPsec is the older technology, whereas SSL VPN is a newer and, in many ways, better technology for remote access, and thus SSL VPN is the recommended solution.
To understand why SSL VPN is preferred, let’s first look at the steps involved with deploying IPsec.
First, the administrator must create a user account. Next, the administrator must send the IPsec client to the remote access user. That user then has to install the IPsec client and configure it. If that user is a contractor, partner, or employee loading the client on a non-business-owned computer, the user may already have an IPsec client installed for another brand of device. If that is the case, conflicts are highly likely and may require a lot of time to resolve. Thus, deploying IPsec is not very easy and can require a considerable amount of an administrator’s time and resources.
By comparison, SSL VPN deployment is very different and involves a much simpler process. In this process, the administrator creates an account for the user, which takes less than 30 seconds. The administrator then sends the URL for the VPN portal to the remote user by email. This URL uses the existing SSL VPN capability built into the device browser, and all the user needs to do is click the link provided, whether it is a static link or a dynamically generated link. At this point, the browser establishes an SSL connection, an encrypted VPN session, back to the small business. The remote user can then bookmark and use that URL to connect to the business network at any time. There are no conflicts with other clients and no configuration complexity, just a VPN solution that works.
SSL VPN also has advantages in disaster recovery situations. For example, if a snowstorm occurs and office-based employees are stuck in their homes without their business-issued computers, they can easily connect to the office using SSL VPN from their personal computers and then connect to all the same network resources they would use when in the office, thereby maintaining productivity. While other businesses are effectively shut down, this business would continue to operate, taking care of customers, making sales, and enhancing profitability.
Two-factor authentication is another capability supported only on the SA500 Series with Cisco SSL VPN. Through a partnership with VeriSign, the business can subscribe to a hosted, token-based authentication service for enhanced security with SSL VPN remote access. This adds a further level of validation to the connection: the user must provide a second password for the authentication to take place. The business does not need to purchase any of the authentication equipment. A number of token options are available, including phone-based tokens, so employees do not need to use an additional card or similar device that has the token information.
From a deployment standpoint, for small businesses that have very limited IT resources, SSL VPN is much easier to implement and requires less administration.