Internet-based virtual private networks (VPNs) typically come in two flavors: IPsec (Internet Protocol Security) and SSL (Secure Sockets Layer). Both have their pros and cons. Here's what you need to know about IPsec VPNs.
According to TechTarget, IPsec is a "framework for a set of protocols for security at the network or packet processing layer of network communication." One of its advantages is that security can be handled at the network level rather than directly on individual computers.
Another advantage involves IPsec's transparency to applications. By running at the internet layer, IPsec is not concerned about how application traffic is being transported and it doesn't have much impact on activities taking place on other layers. Thus, IPsec VPNs are considered an excellent choice for both traditional and real-time traffic.
IPsec has fewer security issues than SSL which relies on security certificates. An IPsec VPN offers remote workers a secure way to access all of the resources on a corporate network whereas SSL VPNs are more limited in scope and tend to be more browser based.
That said, because IPsec connects all of the devices attached to each network, it does open up a major concern about spreading malware. For example, if a remote worker has a small home network and then connects to the IPsec VPN, that worker's entire home network would be connected.
If one of the personal computers is infected, that infection could travel through the IPsec tunnel and infect the corporate WAN if appropriate security measures are not in place. SSL VPNs don not have this issue as they run at higher network layers.
Remote workers using IPsec VPNs often must overcome issues with firewalls that restrict access. For example, it may not be possible to connect using an IPsec VPN from a hotel room, coworking space, or partner's location because of restrictions set on their networks' firewalls. Another problem involves connecting to an IPsec VPN from home as some Internet service providers block IPsec traffic from residential customers.
According to Aryaka, a network as a service provider, IPsec VPNs suffer from several additional problems. For example, if great distances are involved such as crossing an ocean, packet loss rates and variable latencies often combine to make many applications unusable. Plus, using the public Internet to connect remote workers to corporate WANs can be highly unreliable regardless of distances involved.
The disadvantages of IPsec VPNs aren't insurmountable, however. By using an optimized WAN or network as a service solution such as Aryaka's IPsec VPN solution, you can get reliability and improved performance at a fraction of the cost of MPLS.
This particular IPsec VPN solution blends WAN optimization as a service and network as a service to create a private, optimized WAN that delivers superior performance over long distances, accelerates applications, provides fast and reliable access to cloud-based services, and more -- all with a low total cost of ownership.