Which to Deploy: Choosing Between IPsec and SSL VPNs

IPsec is a widely deployed technology that is well understood by end users and has established IT deployment support processes. Many organizations find that IPsec meets the requirements of users already using the technology. But the advantages of dynamic, self-updating desktop software, ease of access for noncompany-managed desktops, and highly customizable user access make SSL VPNs a compelling choice for reducing remote-access VPN operations costs and extending network access to hard-to-serve users such as contractors and business partners. As such, organizations often deploy a combination of SSL and IPsec approaches. IPsec is commonly left in place for the existing installed base. SSL is deployed for new users, users with “anywhere” access requirements, contractors, and extranet business partners. By offering both technologies on a single platform, Cisco remote-access VPN solutions make the choice simple: Deploy the technology that is optimized for your deployment and operating environment. Table 9-2 summarizes the issues to consider when evaluating which VPN technology best fits your companies operating environment.

Table 9-2 Choosing a Remote-Access VPN Technology