A VPN (Virtual Private Network) is one of the most used solutions to access an organization's data remotely and to provide interconnectivity between networks across different locations. It provides a secure connection by encrypting traffic before being forwarded out to its destination over the internet. Just about every firewall vendor provides their own VPN deployment option which could be via a client, clientless, or both. Depending on the vendor, a per seat VPN license may also be required.
With that said, the two most common VPN protocols are IPSEC and SSL VPN. Both are equally viable options for secure access to company data and resources. Which should you use then? Although both options are similar in their overall goal of providing secure connectivity, there are differences as we get more specific with the protocols and its capabilities.
IPSEC can be used for both site-to-site VPN connectivity (connecting two or more remote sites together) and client-to-site (a remote user accessing company resources). IPSEC client-to-site typically requires a VPN client to facilitate the connection, unless native IPSEC options are available on the connecting device. Mac OSX and iOS, for example, allows for IPSEC VPN connections without the need for a VPN client.When site-to-site VPN connectivity is needed, IPSEC is the solid choice since it can provide an “always up” connection and is a supported standard across different systems. IPSEC also operates at the IP network layer (Layer 3) and thus carries less overhead for tunneled traffic (quicker connections and faster throughput).
SSL VPN on the other hand uses SSL to establish connections (think HTTPS) and operates at the application layer (Layer 7). The TCP transport protocol is used instead of UDP and typically defaults to port 443 (can also be changed to a custom port). SSL VPN is an increasingly popular option for remote access to company resources since it can provide connectivity without needing to install a client. An SSL VPN connection can be achieved simply by visiting a web portal via web browser and signing in with the proper credentials. Access to applications and resources can be controlled per user or group policy as well. For an “in the office” experience (much like that of IPSEC), an SSL VPN client can still be deployed to provide full tunneled access. Users can then access their mapped drives or applications directly from their desktop without having to maneuver through web-based options.
It’s best to have both options on the table and implement each based on the desired results and application. It’s very common to have an environment that leverages both solutions though - with IPSEC being the option of choice for site-to-site connectivity, and SSL VPN for remote users.
If you'd like more information or have any questions, please contact us :