In this article we will talk about SSL VPNs; a previous article already discussed Remote-Access VPNs.

When a client negotiates an SSL VPN connection with the VPN gateway, it actually connects using Transport Layer Security (TLS). TLS is the newer version of SSL and is sometimes expressed as SSL/TLS. However, both terms are often used interchangeably.


SSL uses the public key infrastructure and digital certificates to authenticate peers. Both IPsec and SSL VPN technologies offer access to virtually any network application or resource. However, when security is an issue, IPsec is the superior choice. If support and ease of deployment are the primary issues, consider SSL. The type of VPN method implemented is based on the access requirements of the users and the organization’s IT processes. The table compares IPsec and SSL remote access deployments.

| Feature | IPsec | SSL |
|---|---|---|
| Applications supported | Extensive – All IP-based applications are supported. | Limited – Only web-based applications and file sharing are supported. |
| Authentication strength | Strong – Uses two-way authentication with shared keys or digital certificates. | Moderate – Using one-way or two-way authentication. |
| Encryption strength | Strong – Uses key lengths from 56 bits to 256 bits. | Moderate to strong – With key lengths from 40 bits to 256 bits. |
| Connection complexity | Medium – Because it requires a VPN client pre-installed on a host. | Low – It only requires a web browser on a host. |
| Connection option | Limited – Only specific devices with specific configurations can connect. | Extensive – Any device with a web browser can connect. |

It is important to understand that IPsec and SSL VPNs are not mutually exclusive. Instead, they are complementary; both technologies solve different problems, and an organization may implement IPsec, SSL, or both, depending on the needs of its telecommuters.
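The authentication and encryption rows of the table correspond to concrete TLS settings on the gateway side. The following is an added example, not code from the original article: it uses Python's standard `ssl` module to build one-way and two-way server contexts and audit them. The function names, the cipher string and the 128-bit floor are assumptions, and no certificates are loaded, so it inspects settings rather than performing a handshake.

```python
import ssl

MIN_KEY_BITS = 128  # assumed policy floor, not a value from the article


def gateway_context(two_way: bool) -> ssl.SSLContext:
    """Hypothetical server-side TLS settings for an SSL VPN gateway."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # no SSLv3, TLS 1.0 or TLS 1.1
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # TLS 1.2 suites: AEAD only
    # One-way: only the gateway proves its identity with a certificate.
    # Two-way: the handshake also fails unless the client presents a certificate
    # that chains to a CA loaded with ctx.load_verify_locations().
    ctx.verify_mode = ssl.CERT_REQUIRED if two_way else ssl.CERT_NONE
    return ctx


def audit(ctx: ssl.SSLContext) -> list[str]:
    """Return policy findings for a TLS context; an empty list means it passes."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("accepts protocol versions older than TLS 1.2")
    weak = sorted(c["name"] for c in ctx.get_ciphers()
                  if c["strength_bits"] < MIN_KEY_BITS)
    if weak:
        findings.append(f"suites under {MIN_KEY_BITS} bits: {', '.join(weak)}")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("one-way authentication: client certificate not required")
    return findings


if __name__ == "__main__":
    for two_way in (False, True):
        label = "two-way" if two_way else "one-way"
        print(label, audit(gateway_context(two_way)) or "no findings")
```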
