What is the difference between IPSEC VPN and SSL VPN?
Secure Socket Layer VPNs use SSL or TLS to encrypt data over the VPN, OpenVPN is an example. SSL and TLS run over TCP.
IPsec (Internet Protocol Security) is a open standard established by IEFT (Internet Engineering Task Force) and is part of the IP layer. The implementation is Vendor specific. it can be configured different ways. It support AH (Authentication Headers) to verify sender and receiver , ESP (Encapsulated Security Payload) which is used to encapsulate encrypted IP packets in a IP tunnel (known as tunnel mode). It support IKE (Internet Key Exchange) , various encryption protocols.
You can configure a IPsec as a point to point tunnel between gateways, for example, from the Corporate network firewall to a gateway/firewall system at a remote office. It can also be configured as a point to point tunnel between two systems, for example, a administrators desktop to a server.
SSL VPN
- Works on Application Layer of the OSI reference model.
- It is easier to configure as it works on HTTPS.
- Does not require client software on every endpoint for Remote Access VPN.
- Any End device can connect by using SSL VPN.
- Provides granular access up to the application layer ( Users can get the access only specific resources that are required according to security policy).
- More flexible.
- Uses only DES algorithm for encryption.
- Uses Third-Party Authentication makes less secure compared to IPSEC VPN.
- Well suited for Remote Access VPN and Web-based Applications.
IPSEC VPN
- Works on Transport Layer of the OSI reference model.
- Complex Configuration
- Requires a client software on every endpoint for Remote Access VPN.
- Supports only specific devices to connect.
- Does not provide granular access up to application layer.
- Less flexible.
- Uses DES,3DES and AES algorithm for encryption.
- Built-in Authentication makes more secure compared to SSL VPN.
- Well Suited for Site to Site VPN.
