Cisco CCNA 200-301 – IPSec VPN vs SSL VPN

Remote Access VPN allows teleworkers (mobile workers) to connect securely to the Head Office over the Internet. It’s a very cost-effective and efficient solution for providing secure access to resources such as business applications to the mobile workers. Most popular and commonly Remote Access VPN protocols are IPSec and SSL VPN.

IPSec Remote Access VPN

IPSec is a standard protocol suite for securing IP communications by means of authentication and encryption. IPSec is the most widely deployed VPN technology as it allows creating a secure VPN between a pair of host machines, a pair of Routers, or between a host machine and a router.  An IPSec Remote Access VPN is created between a Router/Firewall known as Remote Access VPN Server and client that can either be software or hardware-based. Cisco Routers and Firewalls can both act as VPN servers and clients. Cisco also provides client software known as Cisco VPN Client which can be installed on a machine or some supported smartphones.

SSL VPN

SSL VPNs use Secure Socket Layer (SSL) Protocol to create a secure VPN. SSL is a Layer 7 cryptographic protocol to provide secure communications over the internet for web, email, and other traffic. Almost all browsers support SSL protocol which makes SSL VPN a very strong and scalable Remote Access VPN solution. Thus SSL VPN is platform-independent and can be used on a machine with any operating system which has a browser that supports SSL. An SSL VPN can be created from any machine that has an internet connection and a browser like Internet Cafes, Hotspots, and of course, company-owned and personal computers whereas IPSec Remote Access VPNs are usually used by company managed desktops that have client software installed.

An SSL VPN can be deployed using one of three access modes

• Clientless Mode (Layer 7): This mode provides secure access to web based applications only. It does not require any client software and runs from a web browser. 

• Thin Client Mode (Layer 7): This mode is also known as port-forwarding and provides secure access to TCP based applications as well such as POP3, Telnet, and SSH. A thin client is downloaded via Java Applet. 

• Thick Client Mode (Tunneling): This mode provides network layer access to virtually any application over SSL VPN by downloading an SSL VPN Client Software from the VPN Server. This mode is usually used for company-owned desktops.