This article covers SSL VPNs; a previous article discussed remote-access VPNs.
When a client negotiates an SSL VPN connection with the VPN gateway, it actually connects using Transport Layer Security (TLS). TLS is the newer version of SSL and is sometimes expressed as SSL/TLS. However, both terms are often used interchangeably.
SSL uses the public key infrastructure and digital certificates to authenticate peers. Both IPsec and SSL VPN technologies offer access to virtually any network application or resource. However, when security is an issue, IPsec is the superior choice. If support and ease of deployment are the primary issues, consider SSL. The type of VPN method implemented is based on the access requirements of the users and the organization’s IT processes. The table compares IPsec and SSL remote access deployments.
| Feature | IPsec | SSL |
|---|---|---|
| Applications supported | Extensive – All IP-based applications are supported. | Limited – Only web-based applications and file sharing are supported. |
| Authentication strength | Strong – Uses two-way authentication with shared keys or digital certificates. | Moderate – Using one-way or two-way authentication. |
| Encryption strength | Strong – Uses key lengths from 56 bits to 256 bits. | Moderate to strong – With key lengths from 40 bits to 256 bits. |
| Connection complexity | Medium – Because it requires a VPN client pre-installed on a host. | Low – It only requires a web browser on a host. |
| Connection option | Limited – Only specific devices with specific configurations can connect. | Extensive – Any device with a web browser can connect. |
It is important to understand that IPsec and SSL VPNs are not mutually exclusive. Instead, they are complementary; both technologies solve different problems, and an organization may implement IPsec, SSL, or both, depending on the needs of its telecommuters.