SSL VPN vs IPSec VPN – Pros & Cons Of Both VPNs
A great deal goes on behind the scenes to make a VPN work, especially when it comes to encryption.
Encryption matters not only to everyday users but also to the corporate world. Before VPNs were available, a dedicated leased line or remote access servers had to be installed so that a remote user, or an office in a different region, could connect to the main office.
This proved inefficient and costly, so organisations needed a more efficient and safer way to connect; VPNs resolved this issue.
IPsec, or Internet Protocol Security, is an end-to-end protocol that works at the Network layer of the OSI model. It was developed to work with IPv4, which had minimal built-in security when it was first designed.
IPsec can protect data that flows between two computers or hosts, between two networks, or between a network and a host.
IPsec can operate in two modes:
- IPsec tunnel mode: In this mode, the entire original IP packet (header and payload) is encrypted and wrapped with a new outer IP header, an ESP (Encapsulating Security Payload) header and an ESP trailer.
- IPsec transport mode: The only difference from tunnel mode is that not all of the packet is encrypted; only the payload and the ESP trailer are encrypted, while the original IP header stays in the clear.
Advantages of IPsec VPN:
- Because it can set up a connection between two hosts, it provides a permanent connection between two hosts in different regions or locations.
- Added security comes from the fact that IPsec requires additional software and proper configuration to work.
Disadvantages of IPsec VPN:
- The main issue with IPsec is “overhead”: because it provides encryption, extra traffic is introduced on the network, which compromises performance.
- Once a user is connected to a corporate network using IPsec, the user has complete access to the network, as IPsec itself has no support for controlling access.
- Setting up IPsec needs additional configuration, which increases cost and labour, as the client has to be installed separately on every device that connects to the VPN server.
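To make the two ESP modes and the overhead point concrete, here is an added example (not code from the original article): a byte-level model of how ESP wraps an IPv4 packet in tunnel mode versus transport mode, what stays readable on the wire in each, and how many extra bytes each mode adds. The cipher is a stand-in keystream derived from HMAC-SHA256 in counter mode so the example runs on the Python standard library alone; a real IPsec security association would use a negotiated algorithm such as AES-GCM, and the explicit IV is omitted. The field layout follows ESP (RFC 4303); the keys, gateway addresses, SPI and sample packet are constructed for this example.

```python
"""Added example, not code from the original article: a byte-level model of how
IPsec ESP wraps an IPv4 packet in tunnel mode versus transport mode, what stays
readable on the wire in each, and how many bytes of overhead each mode adds.
The cipher is a stand-in keystream derived from HMAC-SHA256 in counter mode so
the example runs on the Python standard library alone; a real IPsec SA would use
a negotiated algorithm such as AES-GCM. Field layout follows ESP (RFC 4303);
keys, addresses and the sample packet are constructed for this example."""
import hashlib
import hmac
import struct

KEY_ENC = b"constructed-encryption-key-demo-only"
KEY_AUTH = b"constructed-integrity-key-demo-only"
SPI = 0x1001                 # Security Parameter Index, constructed value
PROTO_IPV4 = 4               # next header in tunnel mode: a whole IPv4 packet is inside
PROTO_TCP = 6
PROTO_ESP = 50               # IP protocol number carried by the outer header
ICV_LEN = 16                 # truncated HMAC-SHA256, as HMAC-SHA256-128 does
GW_A, GW_B = "203.0.113.1", "198.51.100.1"   # constructed gateway addresses


def ipv4_header(src: str, dst: str, proto: int, total_len: int) -> bytes:
    """Minimal 20-byte IPv4 header without options; checksum is left zero in this model."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0, src_b, dst_b)


def keystream(length: int, seq: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256(key, seq || counter) blocks, keyed per packet."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(KEY_ENC, struct.pack("!II", seq, counter), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def esp_encapsulate(inner: bytes, next_header: int, seq: int) -> bytes:
    """Build SPI | seq | encrypted(inner + padding + pad_len + next_header) | ICV."""
    esp_header = struct.pack("!II", SPI, seq)          # sent in the clear
    pad_len = (-(len(inner) + 2)) % 4                  # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    plaintext = inner + trailer                        # the trailer sits inside the encrypted part
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(len(plaintext), seq)))
    icv = hmac.new(KEY_AUTH, esp_header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return esp_header + ciphertext + icv


def esp_decapsulate(esp: bytes) -> tuple[bytes, int]:
    """Verify the ICV, decrypt, strip the trailer; returns (inner bytes, next header)."""
    esp_header, ciphertext, icv = esp[:8], esp[8:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(KEY_AUTH, esp_header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP integrity check failed")
    _, seq = struct.unpack("!II", esp_header)
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, keystream(len(ciphertext), seq)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    return plaintext[: len(plaintext) - 2 - pad_len], next_header


def tunnel_mode(ip_packet: bytes, seq: int = 1) -> bytes:
    """Whole original packet (header + payload) goes inside ESP; a new outer header is added."""
    esp = esp_encapsulate(ip_packet, PROTO_IPV4, seq)
    return ipv4_header(GW_A, GW_B, PROTO_ESP, 20 + len(esp)) + esp


def transport_mode(ip_packet: bytes, seq: int = 1) -> bytes:
    """Original IP header stays in the clear; only the payload (plus trailer) is encrypted."""
    ip_hdr, payload = ip_packet[:20], ip_packet[20:]
    esp = esp_encapsulate(payload, ip_hdr[9], seq)     # byte 9 = original protocol number
    new_hdr = (ip_hdr[:2] + struct.pack("!H", 20 + len(esp))   # patch total length
               + ip_hdr[4:9] + bytes([PROTO_ESP]) + ip_hdr[10:])  # protocol becomes ESP
    return new_hdr + esp


def cleartext_portion(packet: bytes) -> bytes:
    """What an on-path observer can read: the IP header plus the ESP SPI and sequence number."""
    return packet[: 20 + 8]


def overhead(packet: bytes, original: bytes) -> int:
    return len(packet) - len(original)


# Constructed sample: a small TCP segment from a branch host to a head-office host
PAYLOAD = b"GET /index.html HTTP/1.1\r\n"
ORIGINAL = ipv4_header("10.1.1.5", "10.2.2.9", PROTO_TCP, 20 + len(PAYLOAD)) + PAYLOAD

if __name__ == "__main__":
    for name, pkt in (("tunnel", tunnel_mode(ORIGINAL)), ("transport", transport_mode(ORIGINAL))):
        visible = b"\x0a\x01\x01\x05" in cleartext_portion(pkt)   # inner source 10.1.1.5
        print(f"{name:9s} overhead={overhead(pkt, ORIGINAL):2d} bytes  inner src visible={visible}")
```

Running it shows the trade-off the list above describes: tunnel mode hides the inner addresses behind the gateway addresses but costs the extra 20-byte outer header on top of the ESP header, trailer and ICV, while transport mode is cheaper but leaves the original endpoints visible. The decapsulation path also shows why the ICV is checked before anything is decrypted: a single flipped byte in the ciphertext is rejected rather than producing garbage.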
The cons of IPsec can easily be removed by using SSL VPN, which was designed with users who need remote access to their organisation in mind. All browsers support SSL, so this web-based VPN was very easy to implement.
SSL VPN can be used to restrict user access, so it is possible to give a particular user or team access to only a few resources, such as a single application or just the email service.
SSL VPN can operate in two modes:
- SSL Portal VPN: In a portal VPN, a user accesses the web by first logging into a portal. Once logged in, the user can access the web securely. As the user needs to log in to a portal first, this is called an “SSL Portal VPN”.
- SSL Tunnel VPN: With a portal VPN a user can only access the web after login; other applications that use the internet remain inaccessible. This drawback is resolved in a tunnel VPN, where applications and other services are accessible even if they are not web based.
Advantages of SSL VPN:
- Segmented access is possible, so users can be restricted to the resources they need instead of being given access to all the resources in an organisation.
- As SSL VPN is web based, there is no need for additional client software.
Disadvantages of SSL VPN:
- As SSL VPN is mainly web based, applications or other network services that are not web based require additional configuration, which adds complexity.
- Where the remote host needs to be always connected to the on-site host, SSL VPN will not work, as it has no capability to remain permanently connected.
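The segmented access described above (a user or team limited to one application or just the mail service) comes down to a deny-by-default policy the gateway evaluates after portal login. As an added example, not code from the original article or from any particular product, here is a small policy engine of that kind; the users, groups, resource names and rules are constructed for the example, and the `net:` resource form with a CIDR and port is an assumed notation for the tunnel-mode case.

```python
"""Added example, not code from the original article: a deny-by-default resource
policy of the kind an SSL VPN gateway evaluates after portal login, so that a
user or a team can be limited to one application, the mail service, or one
network and port. Users, groups, resources and the rule table are constructed
for this example and are not taken from any real product."""
from dataclasses import dataclass
import fnmatch
import ipaddress


@dataclass(frozen=True)
class Rule:
    subject: str    # "user:<name>" or "group:<name>"
    resource: str   # "app:<name>", "mail:<service>" or "net:<cidr>:<port|*>" (assumed notation)


# Constructed directory: user -> groups
USERS = {
    "alice": {"finance"},
    "bob": {"contractors"},
    "carol": {"it"},
}

# Constructed policy: anything not listed here is denied
POLICY = [
    Rule("group:finance", "app:erp"),
    Rule("group:finance", "mail:*"),
    Rule("user:bob", "app:ticketing"),          # a single contractor, a single application
    Rule("group:it", "net:10.20.0.0/24:*"),     # tunnel-style network access for one team
]


def resource_matches(rule_res: str, requested: str) -> bool:
    """Match a requested resource against a rule; the resource kinds must agree."""
    r_kind, _, r_rest = rule_res.partition(":")
    q_kind, _, q_rest = requested.partition(":")
    if r_kind != q_kind:
        return False
    if r_kind in ("app", "mail"):
        return fnmatch.fnmatchcase(q_rest, r_rest)
    if r_kind == "net":
        r_net, _, r_port = r_rest.rpartition(":")
        q_ip, _, q_port = q_rest.rpartition(":")
        try:
            in_net = ipaddress.ip_address(q_ip) in ipaddress.ip_network(r_net, strict=False)
        except ValueError:          # malformed address or missing port: deny
            return False
        return in_net and r_port in ("*", q_port)
    return False


def subjects_for(user: str) -> set[str]:
    """The identities a rule may name for this user: the user and each of their groups."""
    return {f"user:{user}"} | {f"group:{g}" for g in USERS.get(user, ())}


def authorize(user: str, requested: str) -> bool:
    """Allow only if some rule names the user (or one of their groups) and the resource."""
    subjs = subjects_for(user)
    return any(r.subject in subjs and resource_matches(r.resource, requested) for r in POLICY)


def portal_entries(user: str) -> list[str]:
    """What the portal page would list for this user: only resources they may reach."""
    subjs = subjects_for(user)
    return sorted(r.resource for r in POLICY if r.subject in subjs)


if __name__ == "__main__":
    checks = (("alice", "app:erp"), ("alice", "app:ticketing"), ("bob", "mail:imap"),
              ("carol", "net:10.20.0.7:443"), ("carol", "net:10.21.0.7:443"), ("mallory", "app:erp"))
    for user, res in checks:
        print(f"{user:8s} {res:22s} -> {'ALLOW' if authorize(user, res) else 'DENY'}")
```

The two properties worth keeping when building something like this are that an unknown user or an unparseable request falls through to a deny, and that the portal only renders the entries the policy would allow, so the visible links and the enforced access never disagree.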
Both SSL and IPsec VPNs have their advantages and disadvantages; which one to implement depends on the organisation's requirements.
When a continuous active connection is needed between two hosts, IPsec can be used. As it gives users access to all resources and restricted access cannot be implemented within IPsec itself, a NAC (Network Access Control) system can be deployed to overcome this issue.
SSL VPN suits users who work remotely and travel a lot but need to connect to the organisation, and access control or security policies can be implemented easily.