IPSec vs SSL VPN

Opinion
May 24, 2004 | 3 mins
Network Security, Networking, Remote Access

We have more and more people traveling on business at my company, and management wants them to have access to resources on the network. I’m trying to find the best solution with the least overhead and costs. I see two primary types of VPN options – IPSecurity (IPSec) and SSL VPN. Which is the best way to go? – Via the Internet

The answer is – it depends. IPSec is a VPN access method that more people are familiar with. It requires that some type of software be installed on the remote system in order to get a secure link into the corporate network. One thing you’ll run into here is conflicts between the VPN client software and other applications on the remote computer. I have run into problems in the past with Nortel’s VPN client software and an application as simple as Madden Football 2002 or multi-function printer drivers for printers causing problems with the VPN software. Also, if for some reason you need to access different VPN systems from different vendors, you may run into problems getting multiple VPN software packages to co-exist on the same computer at the same time.

SSL VPN is a newer entry onto the secure access scene. The attractive thing here for resource-strapped IS staffs is that you don’t have to have any software installed on the remote computer. The trade-off is that the applications may need to be tweaked in order to work over this type of connection depending on the solution you use. I’m testing a Cisco 3005 VPN Concentrator and have found that I can get just about anything to work. For access other than Web access, you will use an application redirection function that uses a Java applet from the concentrator. You then use either a host name, a port number or some combination to get things working. Since the processing occurs on the VPN concentrator, access may seem a little slower than with a “conventional” IPSec connection. You can get a little boost by going to a higher model VPN concentrator with more memory, faster processor, etc.

As with anything involving technology, there are new options coming on the market all the time. These are just two of the options that I have looked at that are workable options for you. As you continue your research, you may find other options that may work for you, as well.