SSL-VPNs Making Headway Against IPsec

As distributed enterprises continue to proliferate so does the need for secure VPN access. Increasing numbers of users are remote from the main office network yet they still need and want the same access that their office counterparts enjoy.

For years IPsec-based VPNs were the norm but recently lower cost SSL-based VPNs have garnered a lot of industry interest. In fact some analysts believe that SSL based VPN’s will soon dominate the space.

According to representatives from both Cisco Systems and Juniper Networks the question of SSL vs. IPsec is one commonly asked by today’s clients. Both companies offer IPsec- and SSL-based VPN solutions and reps often need to explain the difference between and the respective benefits of each technology.

This is because, according to Juniper Networks Senior Product Manager Johnnie Konstantas, the SSL-VPN technology has only just begun to grab the markets attention.

“There is definitely a change a foot in that the boundaries of the network are disintegrating,” Konstantas said. “The notion that I am logging in from home and I have a harder time of getting to the information I need than when I’m in the office is going away. It’s being replaced by the idea that I should have the same online experience whether I’m at home, at a hotel or logging in here at the network.”

From Cisco’s point of view, SSL-VPN is currently more suited for extranets and the casual remote user, according to Product Manager Pete Davis.

“A user with a corporate asset using more complex applications wants the same exact experience as you have in the office and that’s where IPsec makes sense,” Davis explained.

Cisco offers a hybrid approach and doesn’t claim to force one technology over the other. On the other hand, Cisco’s competitor Juniper also sees SSL-VPNs as being well suited for remote access. Though Juniper believes that IPsec solutions are best suited for site-to-site connectivity.

The Differences

Juniper’s Konstantas explained that one of the primary differences is in terms of modes-of-access.

“With IPsec you get one mode of access and that is full-network-layer connectivity,” she said. “With SSL there’s the notion of multiple types of connectivity that are possible.”

Traditionally SSL-VPNs have allowed remote users access to Web-based applications via a Web browser. Modern SSL-VPN solutions also include application connectivity via a thin client download (usually an Active-X or a Java Client), which acts as an application proxy to the particular application. Full-network-layer connectivity is now available via SSL-VPNs also as a thin-client download.