Is The End of IPsec Afoot?

Within the next two years, IPsec will no longer be the dominant remote
access technology.

According to research firm Gartner, SSL VPNs will be the primary remote
access method by 2008 for greater than 90 percent of casual employee access,
more than three-fourths of contractors and more than two-thirds of business
telecommuting employees.

SSL VPNs offer the promise of easier access since all they typically
involve from the end-user standpoint is a Web browser to access a corporate

SSL(define) is broadly used as the security method of
choice for online banking and other security-sensitive Internet

In contrast, IPsec (define) is seen as being more complex
and resource-intensive, as it typically requires the end user to install a client to access a corporate network.

The Gartner report sites a number of other advantages to SSL VPNs,
including the fact that a unique IP address is not necessarily required to
authenticate, and sessions may “roam” across IP addresses.

According to the report, Cisco is a leader in IPSec and a visionary
in SSL VPN. And Juniper and Aventail are the only two firms in Gartner’s leader
category for SSL VPN.

Both Juniper and Cisco recently launched new SSL VPN platforms for service providers.

Aventail said both legacy IPsec users and new remote-access users are moving to the new technology.

Lewis Carpenter, Aventail COO, explained that the primary barrier to SSL VPN adoption is if a user already has a legacy implementation that’s good enough and that they can live with. Carpenter argues, however, that most find that SSL VPN reduces help desk costs and provides better granular access control among other

One issue that has come up in the past is the price differential
between IPsec- and SSL VPN-based solutions.

An October
conducted by SSL VPN vendor SonicWall reported that 80 percent of
respondents thought that current SSL VPN solutions were too expensive.

Nearly 50 percent of respondents did, however, indicate that they believed
SSL VPN to be a desirable option to have.

“The price of an SSL VPN solution if you just compared it independent of
function to an IP-SEC solution is still higher,” Carpenter admitted.

when you look at the costs of implementation and support, in most cases our
customer say they have achieved significant cost savings because of getting
better access, better control and reducing help desk costs.”

Not everyone agrees entirely with Gartner’s findings, including Cisco systems.

“Cisco believes that both SSL VPNs and IPSec-VPNs remain viable for VPN
access, and the choice remains highly dependent on specific customer
requirements,” Tom Russell, senior director of product marketing in
the Cisco Security Technology Group, told

“However Cisco
does agree with a general trend towards SSL VPNs for their
ease-of-deployment features.”

Aventail’s Carpenter said that he does think that IPsec is a great
technology for connecting networks.

“So in a site-to-site-type implementation, I think it fits fine,”
Carpenter said. “Where it really will continue to diminish, lose
presence and eventually disappear is in the whole area of remote access and

But Cisco doesn’t expect IPsec to disappear anytime soon.

“While SSL VPNs are a viable replacement for IPSec VPNs under appropriate
conditions, Cisco believes IPSec VPNs will remain a very important remote-access VPN technology for the foreseeable future,” Russell said.

Article courtesy of

Latest Articles

Follow Us On Social Media

Explore More