What is the difference between site-to-site VPN, IPsec VPN and SSL VPN?

Question added by Deleted user
Date Posted: 2015/08/25
by Khaled Moustafa Kahila , IT Engineer , Alpha Data

There are two types of VPN (Virtual Private Network): site-to-site and remote access.

In order to implement them, there are two technologies:

1- IPSec (a suite of protocols to protect IP packets)

It can be used for both types of VPN; it's the most preferred method for site-to-site VPN.

2- SSL/TLS, pretty much the same as Secure Socket Layer

It's remote access only; end-points are not required to have a VPN client.

Every well-known web browser supports them. A common use is proving web server identity to the client.

by Hussain Idris , Team Leader , Fast Telecommunication Co. (FASTTELCO)

VPN means "Virtual Private Network". It is a generic concept which designates a part of a bigger network (e.g. the Internet at large) which is logically isolated from the bigger network through non-hardware means (that's what "virtual" means): it is not that we are using distinct cables and switches; rather, isolation is performed through use of cryptography.

SSL (now known as TLS) is a technology which takes a bidirectional transport medium and provides a secured bidirectional medium. It requires the underlying transport medium to be "mostly reliable" (when not attacked, data bytes are transferred in due order, with no loss and no repetition). SSL provides confidentiality, integrity (active alterations are reliably detected), and some authentication (usually server authentication, possibly mutual client-server authentication if using certificates on both sides).

So VPN and SSL are not from the same level. A VPN implementation requires some cryptography at some point. Some VPN implementations actually use SSL, resulting in a layered system: the VPN transfers IP packets (of the virtual network) by serializing them on an SSL connection, which itself uses TCP as a transport medium, which is built over IP packets (on the physical unprotected network). IPsec is another technology which is more deeply integrated in the packets, which suppresses some of those layers, and is thus a bit more efficient (less bandwidth overhead). On the other hand, IPsec must be managed quite deep within the operating system network code, while an SSL-based VPN only needs some way to hijack incoming and outgoing traffic; the rest can be done in user-level software.

As I understand your question, you have an application where some machines must communicate over the Internet. You have some security requirements, and are thinking about either using SSL (over TCP over IP) or possibly HTTPS (which is HTTP-over-SSL-over-TCP-over-IP), or setting up a VPN between client and server and using "plain" TCP in that private network (the point of the VPN is that it gives you a secure network where you need not worry anymore about confidentiality). With SSL, your connection code must be aware of the security; from a programming point of view, you do not open an SSL connection as if it was "just a socket". Some libraries make it relatively simple, but still, you must manage security at application level. A VPN, on the other hand, is configured at operating system level, so the security is not between your application on the client and your application on the server, but between the client operating system and the server operating system: that's not the same security model, although in many situations the difference turns out not to be relevant.

In practice, a VPN means that some configuration step is needed on the client operating system. It is quite invasive. Using two VPN-based applications on the same client may be problematic (security-wise, because the client then acts as a bridge which links together two VPNs which should nominally be isolated from each other, and also in practice, because of collisions in address space). If the client is a customer, having him configure a VPN properly looks like an impossible task. However, a VPN means that applications need not be aware of security, so this makes it much easier to integrate third-party software within your application.
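The "less bandwidth overhead" point in the answer above can be put into numbers. This is an added example, not part of the original answer; the cipher choice (AES-GCM), TLS 1.2 records, one inner packet per record, and the 2-byte VPN framing prefix are assumptions made for illustration.

```python
"""Per-packet wire size: IPsec ESP tunnel mode vs. an IP-over-TLS-over-TCP VPN.

Assumptions (constructed for illustration, not from the answer): IPv4 outer
headers without options, AES-GCM in both cases, no NAT traversal, TLS 1.2
records, one inner packet per record and per TCP flush, and a hypothetical
2-byte length prefix that the VPN uses to frame packets on the byte stream.
Reverse-direction TCP ACKs are not counted.
"""

IPV4_HDR = 20
TCP_HDR = 20  # no TCP options


def esp_tunnel_size(inner_len: int) -> int:
    """Bytes on the wire for one inner IP packet in ESP tunnel mode."""
    esp_hdr = 8   # SPI + sequence number
    iv = 8        # explicit AES-GCM IV
    trailer = 2   # pad-length + next-header fields
    icv = 16      # integrity check value (GCM tag)
    pad = -(inner_len + trailer) % 4  # trailer must end on a 4-byte boundary
    return IPV4_HDR + esp_hdr + iv + inner_len + pad + trailer + icv


def tls_vpn_size(inner_len: int, mss: int = 1460) -> int:
    """Bytes on the wire for one inner IP packet serialized on a TLS stream."""
    framing = 2            # hypothetical length prefix for packet boundaries
    record = 5 + 8 + 16    # TLS record header + explicit nonce + GCM tag
    stream_bytes = framing + inner_len + record
    segments = -(-stream_bytes // mss)  # ceiling division: TCP segments needed
    return stream_bytes + segments * (IPV4_HDR + TCP_HDR)


def compare(sizes=(40, 576, 1400)):
    """Return (inner size, ESP overhead, TLS-over-TCP overhead) per packet."""
    return [(n, esp_tunnel_size(n) - n, tls_vpn_size(n) - n) for n in sizes]


if __name__ == "__main__":
    for n, esp, tls in compare():
        print(f"inner={n:5d}  ESP overhead={esp:3d} B  TLS/TCP overhead={tls:3d} B")
```

The gap widens once a framed packet no longer fits in a single TCP segment, because a second outer IP and TCP header is then needed.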

by Vhuphilo Mudau , Network Manager , NWConnect (Pvt) Ltd

Site-to-site VPN connects geographically dispersed LANs over the internet infrastructure, whereas IPSec VPN and SSL VPN connect client devices to a LAN over the internet infrastructure.

by Salman Aziz , Network Security Administrator , Agility - Kuwait

Site-to-site VPNs are built over the internet between two or more office locations, whereas IPSec VPN / SSL VPN tunnels are generalized and used by home users; they need to access their VPN firewall, authenticate, and use office resources.

by Rafee Ullah , Network Instructor , Network System & Information Technology

Site-to-site VPN is used between different areas over the internet, while SSL VPN and IPSec are used by home users; they need to access their VPN firewall, authenticate, and use office resources.

by ashraf taha , مدرس - teacher , مراكز تعليمية - Educational centers

You are worthy answer - do not ask a question you know his answer

by RAGHU P R , windows administrator , spectrum softtech solutions pvt ltd

Site-to-site VPN: two firewalls/routers/servers at different sites, with rules defined to create a site-to-site VPN between the two routers. The client systems under these routers can communicate with each other. These routers can access other network resources also.

IPsec VPN: this is done by IP security. IP security rules are added at two servers and a tunnel is created. All the data flow is through the tunnel. It is more secure, in that no other system can interfere through the tunnel.

SSL VPN: SSL VPN can be done through a browser. Other than IPsec VPN, there should not be any specialized client software to access the router. All is done through certain certificate matching.

by tajamul islam , IT administrator , sama water company

Although SSL VPN and IPsec have the same purpose, they are very different in theory and practice. This often leads to a fundamental misunderstanding and frustration high when configuring VPN along with the complexity of the problem. Daily practice shows that results are often not secure VPN. This article is to explain this situation and to support practical when choosing between IPSec and SSL VPN. Both technologies are presented and compared with each other based on the selected criteria.

The basic idea behind a “Virtual Private Network” explained quickly. There is a need, a personal network through an insecure medium such as the Internet to build. The use of other, existing network is as interesting as a highly cost effective alternative to using their own network. However, it must be ensured that the data will be transferred to a foreign network can be protected. For this purpose, use is made of cryptography is to protect not only against tapping and sabotage of data while abroad, but it ensures that only those who want to build and host a private network with each other.

After the property was given without a doubt, for example, an employee on official business travel across the Internet to connect to the corporate network and thus access to all the company’s resources with the regular way. It is irrelevant whether he goes on to use Wi-Fi at the hotel, a hot spot in the airport or internet connections to customers. Whenever company data securely transported through this foreign network, it should be remembered that the employee only has influence on the objective data, but not on the routing in the network of transit. Thus, data on the Internet, such as the past demonstrates just channeled through backbone network American or Chinese, even though the sender and recipient in the same country. To protect you against industrial espionage, for example, secure VPN connections is therefore indispensable.

IPSec vs SSL Difference

When comparing the IPSec and OpenVPN naturally raises the question where the technology is more secure. The question can be answered by saying that the two technologies, secure configuration key is long enough and provided can be used safely for a VPN in the country at this time. When answering the question the majority, it is important to decide what criteria to use as a benchmark for the response. Depending on the criteria and then answer, questions quickly fell in favor of the technology. For example, OpenVPN followers used as arguments for a more secure VPN as described in the previous section is a simple configuration. This simple config directly handled perhaps the biggest complaint with IPSec. Counter-arguments refer to IPSec support such as the fact that IPSec are significantly more likely to undergo a security review. This is reflected not only in the adoption of the protocols by the IETFrefuses, but also on many IPSec implementation from leading manufacturers, as listed on the market penetration. In addition, a prominent security IPSec to such an analysis exists. The vulnerability of such protocols is known and can be addressed accordingly; the process, not through OpenVPN has been in shape.

The other side of the VPN is for participants from the company network hardly can be seen that the data comes from a remote computer. A VPN gateway on the interface to the corporate network to receive data, decrypts, and feed into the network as employees directly connected to his laptop. Instead of linking, one employee can connect to the same remote network and then connect e.g. a subsidiary. The operation of virtual private network does not change.

To secure the VPN connection, two methods have been established from time to time: IPSec and SSL VPN. IPSec has been standardized by the IETF and refers to a collection of different network protocols; together ensure properties are described for securing company data. SSL VPN based on the idea that you cannot re-invent the wheel, but using the core of proven SSL/TLS technology and adds the required parameters for some VPN. The official standards, the core of support for SSL/TLS VPN set up, not to develop from time to time. There are more different software implementations that implement this type of VPN.

Unfortunately, the term “SSL VPN” is becoming more and more abused by several manufacturers in the last couple of years in the order most likely to indicate a higher level of security. As a result, fell in his assessment of the product is often difficult to identify the actual SSL VPN. However, this can be achieved if contrary to the description of the selected VPN. A prominent example in this context is often used the term “clientless SSL VPN”. According to the words you might initially suspect that the reasonable intention behind is to get a PC from an internet cafe in domestic corporate network or even to connect to an internet cafe. On closer inspection, however, it became clear that it was hiding the browser-based applications such as VPN access, selected the company by using HTTPS. These often include access to e-mail accounts, directories of files or terminal server. Even in the case of terminal server cannot talk about personal networks, since only mouse movements and keystrokes sent to the server and sends back the output screen. Direct coupling of the remote computer does not occur. VPN usage the term in this context is therefore misleading and often assumed uncritically. In the end, the question arises, what information is encrypted. While there is a special case of application through HTTPS, SSL VPN which are in a “real” application data sent along with the data from the TCP/IP stack. For a better differentiation, because it is another name would be useful, for example “Clientless Remote Access” or at least “Web-based SSL VPN”.

In practice, for many years, SSL VPN implementation has superior and established. Known as implementation of OpenVPN now in wide distribution. Behind open source projects, especially US companies United OpenVPN Technologies, Inc., which also sells a commercial version in addition to the support from the open source project released under the GPL license. Because of the dominance of SSL VPN with IPSec, this will further OpenVPN, compared the most important representative of the SSL VPN. Advancing the two opponents is introduced briefly.

Site-to-Site VPN with OpenVPN

IPsec was originally designed to provide point-to-point, always-on connections between remote sites and the central office resource. The clients in this case could be branch offices or vendors.

SSL VPNs, on the other hand, were designed with the mobile workforce in mind. The intended goal was to provide a seamless, clientless method for remote access. An SSL VPN can be thought of as an application proxy, providing granular access to specific corporate resources that a remote user can access using his or her browser without the need to install a client.

by Zaiyad Bin Akhtar , Team Lead Network & Security Ops , DWP Technologies (Pvt) Ltd

Site-to-site VPNs connect entire networks to each other -- for example, connecting a branch office network to a company headquarters network. In a site-to-site VPN, hosts do not have VPN client software; they send and receive normal TCP/IP traffic through a VPN gateway. The VPN gateway is responsible for encapsulating and encrypting outbound traffic, sending it through a VPN tunnel over the Internet, to a peer VPN gateway at the target site. Upon receipt, the peer VPN gateway strips the headers, decrypts the content, and relays the packet towards the target host inside its private network.

IPSec VPNs protect IP packets exchanged between remote networks or hosts and an IPSec gateway located at the edge of your private network, while SSL VPN products protect application streams from remote users to an SSL gateway. In other words, IPSec connects hosts to entire private networks, while SSL VPNs connect users to services and applications inside those networks.

IPSec VPNs can support all IP-based applications--to an IPSec VPN product, all IP packets are the same. SSL VPN application services vary, because each product has its own way of presenting client interfaces through browsers, relaying application streams through the gateway, and integrating with destination servers inside the private network. Most SSL VPNs provide secure access to Microsoft Outlook Webmail, network file shares and other common business applications. However, they often require custom development to support nonbrowser-based apps.

The major difference between an IPsec VPN and an SSL VPN comes down to the network layers at which encryption and authentication are performed. ... Another important difference is that IPsec does not explicitly specify encryption of connections, while SSL VPNs default to encryption of network traffic.