This article compares the IPSec VPN and ssl vpn technologies in detail, so that users from all walks of life can better understand the VPN technology and select the appropriate VPN product.
Another VPN implementation technology different from the traditional VPN is the use of SSL-based VPN. This SSL-based VPN provides security similar to IPSec VPN. Because of the IPSec VPNArticleThere are many, so I will not go into details here, just explain the working principle of SSL VPN and the comparison of the two technologies.
How ssl vpn works
The general implementation of ssl vpn is to place an SSL Proxy Server behind the enterprise's firewall. If you want to Securely connect to the company's network, when you enter a URL in the browser, the connection will be obtained by the SSL Proxy Server and verified by the user, the SSL Proxy server then provides a remote user to connect to different application servers.
Disadvantages of SSL VPN
Because it is a relatively less widely used technology, there are not many vendors that can provide the corresponding products and services, the ssl vpn technology is compared with the IPSec VPN technology, what are the disadvantages? I will give a brief analysis here.
The ssl vpn application has many limitations and is only applicable to the database-Application Server-web server-browser mode. There are many restrictions on deployment methods, protection scope, and authentication methods, which is one of the reasons why the ssl vpn market is limited.
In addition, specific provisions of the national commercial Password Management Department (such as the State Council Decree No. 273) indicate that our policies do not allow the use of the ssl vpn Technology Using DES.
Ssl vpn Problems
1. the ssl vpn authentication method is relatively simple. Only certificates can be used, and generally one-way authentication is used. To support other authentication methods, secondary development is often required for a long time. IPSec VPN authentication is more flexible (password, radius, Token, etc ).
2. ssl vpn can only be authenticated and encrypted, and access control is not implemented. After a tunnel is established, the administrator cannot impose any restrictions on users. The VPN of the integrated firewall allows users to access internal resources (hosts and databases) based on their identities and roles for access control and security audit. This is also the most important concern of users.
3. To achieve secure network-network interconnection, you must consider using ipsecvpn.
4. Limitations of the Application Layer
Another major limitation of ssl vpn is that users can only access web server-based applications, while IPSec VPN can provide access to almost all applications, including the Client/Server mode and some traditional applications.
An enterprise often has many types of applications (OA, finance, sales management, ERP, many of which are not based on the Web). Only a few web applications are available. Generally, enterprises want the VPN to achieve the LAN effect (for example, the network neighbor, and ssl vpn can only protect the application layer protocol, such as web and FTP), to protect more applications, ssl vpn simply cannot.
5. ssl vpn requires ca support. Enterprises must purchase or deploy a small VPN system on their own. For an enterprise (even an IT enterprise), Certificate Management is quite complicated.
Ssl vpn is encrypted at the application layer, with poor performance. At present, VPN can reach 1g or even close to 10g, while ssl vpn is encrypted at the application layer. Even if an acceleration card is used, the performance can only reach about M.
Based on the above analysis, the inherent limitations of ssl vpn have led to the fact that in a VPN solution deployed in a wide range, ssl vpn is far from enough to meet users' needs, therefore, we hope that you can carefully consider and carefully select products. Article entry: CSH responsible editor: CSH