tgreene
Executive Editor

The politics of weighing SSL VPN vs. IPSec

Opinion
Sep 6, 20052 mins

* Sometimes political and business reasons rule when choosing VPN technologies

Often this newsletter focuses on the technical reasons for using one VPN technology or the other, but as one reader points out, sometimes political and business reasons rule the day.

The big claim for SSL VPN vendors is that their technology requires no client software to allow at least some remote access, and this is much simpler to set up and maintain than an IP Security (IPSec) remote access VPN that requires installing a full client for it to work at all. A pretty good reason to consider SSL.

But many times VPNs are chosen as a way to connect with business partners, and in that case, the simplicity of SSL can rule the day. If IPSec is used, both parties have to agree on the security levels to be used within the IPSec tunnels – one company must be designated in charge of the VPN, which requires some access to the client machines of the other company as well as reconfiguring the partner’s firewall to let VPN traffic through. Each of these issues can be thorny.

The issues can become thornier, a reader says, when the companies have layers of security policies. “I have not seen a consistent security policy at any of our customers,” says a reader who is an integrator. “They can differ between departments with these customers.”

SSL VPNs don’t have to address any of that. They use firewall ports that are generally left open anyway and, therefore, get around whatever policies – consistent or otherwise – partners may use.

Not that there’s anything wrong with IPSec for these purposes if all parties cooperate, the reader says. “I guess when you boil it down, it’s more business politics, and the technology does work if deployed properly on both sides,” he says.