Forcing IPSec or SSL on a Market is Wrong

Posted: July 7, 2009 in 64-Bit, Posts

Read an interesting post on Cisco and its lack of support of the 64-bit IPSec VPN client. What was more interesting to us though, was a reader’s comment listed below the post—Robert, comment no. 7.

Robert disagrees with blogger, Greg Ferro’s post, and believes Cisco is going in the right direction with its support of SSL. “IPSec was never designed to be a user VPN solution,” says Robert. “Anyone [who] has to deal with multiple VPN clients, [knows] it’s a pain because of where IPSec is inserted into the stack.”

We disagree! IPSec’s historic downside has been the complexity created by so much flexibility (Robert’s point). But this has been fixed. However, the bigger picture here is that supporting solely SSL or IPSec is not good enough. Arguments for both SSL and IPSec have been an on-going debate for some time now, and there is a clear argument for the use of both, under different situations. One or the other does not apply.

Regardless of a user’s access, an enterprise solution should support both SSL and IPSec. It is necessary to build VPN systems around mobility, productivity and policy needs, rather than limit these with a biased technology choice.

  1. […] Posts NCPs Jochen Gundelfinger extended his thoughts with us on last week’s post, Forcing IPSec or SSL on a Market is Wrong.  Here is what Jochen […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s