A Remote Access VPN allows teleworkers (mobile workers) to connect securely to the head office over the Internet. It is a cost-effective and efficient way to give mobile workers secure access to resources such as business applications. The most popular and commonly used Remote Access VPN protocols are IPSec and SSL VPN.
IPSec Remote Access VPN
IPSec is a standard protocol suite for securing IP communications by means of authentication and encryption. IPSec is the most widely deployed VPN technology, as it allows a secure VPN to be created between a pair of host machines, a pair of routers, or a host machine and a router. An IPSec Remote Access VPN is created between a router or firewall, known as the Remote Access VPN Server, and a client that can be either software or hardware based. Cisco routers and firewalls can act as both VPN servers and clients. Cisco also provides client software, known as Cisco VPN Client, which can be installed on a machine or on some supported smartphones.
SSL VPN uses the Secure Sockets Layer (SSL) protocol to create a secure VPN. SSL is a Layer 7 cryptographic protocol that provides secure communications over the Internet for web, email and other traffic. Almost all browsers support the SSL protocol, which makes SSL VPN a very strong and scalable Remote Access VPN solution. SSL VPN is thus platform independent and can be used on a machine with any operating system that has a browser supporting SSL. An SSL VPN can be created from any machine that has an Internet connection and a browser, such as machines in Internet cafes and at hotspots and, of course, company-owned and personal computers, whereas IPSec Remote Access VPNs are usually used by company-managed desktops that have client software installed.
An SSL VPN can be deployed using one of three access modes:
- Clientless Mode (Layer 7): This mode provides secure access to web-based applications only. It does not require any client software and runs from a web browser.
- Thin Client Mode (Layer 7): This mode is also known as port forwarding and also provides secure access to TCP-based applications such as POP3, Telnet and SSH. The thin client is downloaded via a Java applet.
- Thick Client Mode (Tunneling): This mode provides network-layer access to virtually any application over the SSL VPN by downloading SSL VPN client software from the VPN server. This mode is usually used for company-owned desktops.