SSL - VPN Tutorial
SSL VPN (Secure Socket Layer VPN)
Vendors now use the SSL application layer protocol in conjunction with VPNs. SSL provides excellent security for remote access users as well as ease of use. SSL is already heavily used, for example when you shop online or access your bank account online: you are on an SSL-protected page when you see “https” in your browser URL bar as opposed to “http”. The difference between the two is that with IPSec a remote user requires client software and needs to configure it, whereas with SSL VPN you do not need any client software because you log into a portal. You just need the URL and a web browser to access the portal. The portal is a GUI that is accessed via a web browser and contains tools and utilities for accessing applications on the network such as RDP and Outlook. SSL VPN can also imitate the way IPSec works via a lightweight software client that can be installed and configured without much effort, which simplifies the process of securely accessing the corporate network.
A first-time SSL VPN user accesses the VPN gateway via their web browser, using either an IP address or a domain name. This takes them to a GUI asking them to log in. To imitate the way IPSec works (giving full access to the network from a client), client software can be installed via ActiveX or Java. Once the client software has been installed, the remote user can log in, which creates a VPN tunnel from the remote user to the VPN gateway. The end user then has access to their network resources.
Installing the client software through a web browser is a breeze; in fact you will hardly notice it. All the settings are configured for you, and installing the client software for SSL VPN is as simple as clicking a button.
So looking at it from an administrator's point of view, SSL VPN is all done via a web browser and is extremely simple to use. With IPSec, the VPN client has to be downloaded, installed and configured. This takes end users more effort and skill than going the SSL VPN route via a web browser. With SSL VPN, thousands of end users can access the corporate network without the support of an administrator and possibly hours of troubleshooting.
SSL VPN software also comes with a feature called host checking or Network Access Control. This means the software will only admit users whose computer systems are compliant and up to date. For example, you can configure the SSL VPN to allow users onto the network only if their system's anti-virus software and firewall are up to date, their operating system is on the latest patch and they are running a certain application that the company requires.
Key differences between IPSec and SSL VPNs
SSL VPN is accessed via a web portal front end after a secure HTTPS connection has been established between the client and server. From here a user can access the configured enterprise applications. IPSec VPN connectivity happens via the configured client software, and once connected the user can use resources available on the network.
SSL is very easy and simple to install and use compared to IPSec. The IPSec protocol is sometimes blocked in public places such as hotels and cafes, whereas SSL is usually open.
IPSec software has to be installed and configured on all client machines before they can connect remotely. With SSL, the remote user only requires a web browser and the ability to download and install Java or ActiveX.
IPSec provides security to network access only, whereas SSL VPNs provide secure access to certain applications. IPSec is suitable for LAN-to-LAN or gateway-to-gateway connectivity, whereas SSL VPN is suitable for remote client access only.
IPSec is an all-or-nothing scenario: you are either connected to the network or you are not. SSL VPN has much tighter control and can be set up so that certain users get access to certain applications only, and can only access the network if their system is compliant.
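Host checking and per-user application access, as described above, can be combined into one default-deny decision at the gateway. The following is an added example, not code from any SSL VPN product; the thresholds, user grants and field names are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Hypothetical policy values; a real gateway defines its own.
MAX_AV_AGE = timedelta(days=7)      # oldest acceptable anti-virus signatures
MIN_OS_PATCH = (10, 0, 19045)       # minimum operating system build
REQUIRED_APP = "corp-agent"         # application the company requires
# Constructed per-user application grants (the "tighter control" of SSL VPN).
APP_GRANTS = {"alice": {"rdp", "outlook"}, "bob": {"outlook"}}

@dataclass
class Posture:
    """Endpoint state as reported by the client-side host checker."""
    av_signature_date: date
    firewall_enabled: bool
    os_patch: tuple
    running_apps: set = field(default_factory=set)

def host_check(p, today):
    """Return the list of failed checks; an empty list means compliant."""
    failures = []
    if today - p.av_signature_date > MAX_AV_AGE:
        failures.append("anti-virus signatures out of date")
    if not p.firewall_enabled:
        failures.append("firewall disabled")
    if p.os_patch < MIN_OS_PATCH:
        failures.append("operating system below required patch level")
    if REQUIRED_APP not in p.running_apps:
        failures.append("required application not running")
    return failures

def authorize(user, app, posture, today):
    """Default deny: the host must be compliant AND the user granted the app."""
    failures = host_check(posture, today)
    if failures:
        return False, failures
    if app not in APP_GRANTS.get(user, set()):
        return False, [f"{user} is not granted {app}"]
    return True, []

if __name__ == "__main__":
    today = date(2024, 5, 20)  # fixed date so the sample output is stable
    laptop = Posture(date(2024, 5, 18), True, (10, 0, 19045), {"corp-agent"})
    for user, app in [("alice", "rdp"), ("bob", "rdp"), ("mallory", "outlook")]:
        print(user, app, authorize(user, app, laptop, today))
```

The posture here is whatever the client reports, so the decision is only as trustworthy as the host-checking agent that collected it.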
If you are looking to buy a dedicated VPN solution, here is a list of SSL VPN vendors.
Wikipedia's guide to SSL