Comments on: VPN’s: IPSec vs. SSL http://www.tonybradley.com/2009/08/vpns-ipsec-vs-ssl/ Computer Security In Plain English For Normal People Wed, 03 Mar 2010 17:29:50 -0600 http://wordpress.org/?v=2.8.4 hourly 1 By: VPN Haus http://www.tonybradley.com/2009/08/vpns-ipsec-vs-ssl/comment-page-1/#comment-841 VPN Haus Mon, 17 Aug 2009 14:41:57 +0000 http://www.tonybradley.com/?p=1904#comment-841 “Traditional IPsec solutions are complicated. Consequently, SSL VPN solutions were introduced with the intention to be clientless and easy. However, this was not the case, and in fact, SSL requires a thin or fat client to enable all of the features users require. In your post, you make many interesting and accurate points—but what about addressing new IPsec solutions. NCP has developed a client, which is a hybrid of IPsec and SSL that solves the problems you describe above. This solution also eases the problems associated with remote PCs/Laptops.” “Traditional IPsec solutions are complicated. Consequently, SSL VPN solutions were introduced with the intention to be clientless and easy. However, this was not the case, and in fact, SSL requires a thin or fat client to enable all of the features users require. In your post, you make many interesting and accurate points—but what about addressing new IPsec solutions. NCP has developed a client, which is a hybrid of IPsec and SSL that solves the problems you describe above. This solution also eases the problems associated with remote PCs/Laptops.”

]]> By: Etherealmind http://www.tonybradley.com/2009/08/vpns-ipsec-vs-ssl/comment-page-1/#comment-832 Etherealmind Fri, 14 Aug 2009 08:54:23 +0000 http://www.tonybradley.com/?p=1904#comment-832 You are not entirely correct. SSL VPNs support a full range of site to site VPN functionality whereas you suggest that it only operates in a web browser. In fact, SSL VPN typically supports three modes: - browser only - thin client mode supporting port forwarding by downloading an agent from within the browser - full client support equivalent to IPSec. This capability has been available for several years and its surprising that you are not aware of it. You have also made no mention of the fact that SSL VPN require expensive licenses and cost a substantial amount for most commercial implementation from the main vendors. You are not entirely correct. SSL VPNs support a full range of site to site VPN functionality whereas you suggest that it only operates in a web browser. In fact, SSL VPN typically supports three modes:
- browser only
- thin client mode supporting port forwarding by downloading an agent from within the browser
- full client support equivalent to IPSec.

This capability has been available for several years and its surprising that you are not aware of it.

You have also made no mention of the fact that SSL VPN require expensive licenses and cost a substantial amount for most commercial implementation from the main vendors.

]]>