VPNs allow remote users to connect to a private network over a public network. The private network is the organization’s internal network. The public network is often the Internet, but it is also possible for an organization to use leased lines from a telecommunications company to create the VPN connection.
Remote users can be:
Because the data travels over a public network, it needs protection. VPNs use tunneling protocols to establish secure connections, and these tunneling protocols include different types of encryption to protect the data in transit.
Several protocols support VPNs. These include:
Each method has advantages, depending on the access requirements of your users and your organization’s IT processes. Although many solutions only offer either IPSec or SSL/TLS, some vendors, including Microsoft and Cisco, offer multiple technologies integrated on a single platform with unified management. Offering both IPSec and SSL/TLS technologies can enable organizations to customize the remote access VPN without any additional hardware or management complexity.
SSL/TLS-based VPNs enable remote access connectivity from almost any Internet-enabled location using a web browser and its native SSL/TLS encryption. They do not require pre-installation of any special-purpose client software. This makes remote access SSL/TLS VPNs capable of “anywhere” connectivity from company-managed desktops and non-company-managed systems, such as employees’ PCs, contractor or business partner desktops, and Internet kiosks. Any software required for application access across the SSL/TLS VPN connection is downloaded dynamically on an as-needed basis, thereby minimizing desktop software maintenance.
IPSec-based VPNs are the deployment-proven remote access technology that organizations have used for years. IPSec VPN connections rely on VPN client software pre-installed on the user systems, which focuses this approach primarily on company-managed desktops. IPSec-based remote access offers versatility and customizability through modification of the VPN client software. Using APIs in IPSec client software, organizations can control the appearance and function of the VPN client for use in applications such as unattended kiosks, integration with other desktop applications, and other special deployments.
Both IPSec and SSL/TLS VPN technologies offer access to virtually any network application or resource. SSL/TLS VPNs offer additional features such as easy connectivity from non-company-managed desktops, little or no desktop software maintenance, and user-customized web portals upon login. The primary drawback with IPSec is that, on its own, it cannot traverse a NAT device. If you are deploying a VPN server and want the connection to go through a NAT device, SSL/TLS is a sound solution.
It is possible to use NAT traversal (NAT-T) to allow IPSec traffic to pass through a NAT device, but be aware that it has some issues. For example, Microsoft has specifically recommended that NAT-T not be used, though IT professionals still recommend NAT-T with non-Microsoft hosts.
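As an added example (constructed for this page, not code from the original article) of what NAT-T actually changes on the wire: RFC 3948 wraps each ESP packet in UDP on port 4500, so the NAT rewrites only the outer IP/UDP headers and the integrity-protected ESP packet is untouched, and a four-byte zero "non-ESP marker" lets IKE and ESP share that port because an ESP SPI of zero is reserved. The classifier below is the kind of logic a monitoring tool could run over UDP/4500 payloads to tell IKE negotiation, encapsulated ESP and keepalives apart; the function names and sample datagrams are assumptions of this example.

```python
"""Classify UDP/4500 payloads as defined by RFC 3948 (UDP-encapsulated ESP).

Constructed example; not code from the article or from any VPN vendor.
"""
import struct
from dataclasses import dataclass
from typing import Optional

NON_ESP_MARKER = b"\x00\x00\x00\x00"  # precedes every IKE message sent on UDP/4500
KEEPALIVE = b"\xff"                   # one-byte NAT keepalive that refreshes the NAT mapping
IKE_HEADER_LEN = 28                   # fixed ISAKMP/IKE header size
ESP_HEADER_LEN = 8                    # SPI (4 bytes) + sequence number (4 bytes)


@dataclass
class NatTRecord:
    kind: str                 # "ike", "esp", "keepalive" or "malformed"
    spi: Optional[int] = None
    seq: Optional[int] = None


def encapsulate_esp(spi: int, seq: int, esp_body: bytes) -> bytes:
    """Build the UDP payload for an ESP packet: the ESP header goes first, no marker."""
    return struct.pack("!II", spi, seq) + esp_body


def encapsulate_ike(ike_message: bytes) -> bytes:
    """Build the UDP payload for an IKE message: zero marker, then the IKE message."""
    return NON_ESP_MARKER + ike_message


def classify_natt_payload(payload: bytes) -> NatTRecord:
    """Return what a UDP/4500 payload carries.

    A leading zero word can only be the non-ESP marker (SPI 0 is reserved), so it
    unambiguously marks IKE; anything else with a full 8-byte ESP header is ESP.
    """
    if payload == KEEPALIVE:
        return NatTRecord("keepalive")
    if payload.startswith(NON_ESP_MARKER):
        if len(payload) < len(NON_ESP_MARKER) + IKE_HEADER_LEN:
            return NatTRecord("malformed")  # marker without a complete IKE header
        return NatTRecord("ike")
    if len(payload) < ESP_HEADER_LEN:
        return NatTRecord("malformed")  # too short to hold SPI and sequence number
    spi, seq = struct.unpack("!II", payload[:ESP_HEADER_LEN])
    if spi == 0:
        return NatTRecord("malformed")  # reserved SPI; cannot be a live SA
    return NatTRecord("esp", spi=spi, seq=seq)
```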