Both IPsec and SSL VPN technologies offer access to virtually any network application or resource, as shown in the figure. SSL VPNs offer such features as easy connectivity from non-company-managed desktops, little or no desktop software maintenance, and user-customized web portals upon login.
IPsec exceeds SSL in many significant ways:
- Number of applications that are supported
- Strength of encryption
- Strength of authentication
- Overall security
When security is an issue, IPsec is the superior choice. If support and ease of deployment are the primary issues, consider SSL.
IPsec and SSL VPN are complementary because they solve different problems. Depending on its needs, an organization can implement one or both. This complementary approach allows a single device such as an ISR router or an ASA firewall appliance to address all remote-access user requirements. While many solutions offer either IPsec or SSL, Cisco remote-access VPN solutions offer both technologies integrated on a single platform with unified management. Offering both IPsec and SSL technologies enables organizations to customize their remote-access VPN without any additional hardware or management complexity.