Read an interesting post on Cisco and its lack of support of the 64-bit IPSec VPN client. What was more interesting to us though, was a reader’s comment listed below the post—Robert, comment no. 7.
Robert disagrees with blogger, Greg Ferro’s post, and believes Cisco is going in the right direction with its support of SSL. “IPSec was never designed to be a user VPN solution,” says Robert. “Anyone [who] has to deal with multiple VPN clients, [knows] it’s a pain because of where IPSec is inserted into the stack.”
We disagree! IPSec’s historic downside has been the complexity created by so much flexibility (Robert’s point). But this has been fixed. However, the bigger picture here is that supporting solely SSL or IPSec is not good enough. Arguments for both SSL and IPSec have been an on-going debate for some time now, and there is a clear argument for the use of both, under different situations. One or the other does not apply.
Regardless of a user’s access, an enterprise solution should support both SSL and IPSec. It is necessary to build VPN systems around mobility, productivity and policy needs, rather than limit these with a biased technology choice.